
Firewall custom rules

wgc0

Guest
I have created some custom rules in the firewall to block port 25 from certain IP blocks. Initially I did this as a deny incoming and all mail delivery to clients stopped. I then set it as a deny forward to any from the IP block but it does not seem to have any effect.
Specifically, how does one indicate a network to the firewall rules? Does it take 60.0.0.0 to mean the whole of the 60.0.0.0/8 network? Current evidence shows it does not. If not, what convention am I supposed to use to indicate this network?

Thanks for any assistance.
 
Hi,

If you wish to prevent connections to port 25 from network 60.0.0.0/8, a firewall rule should look like this:

# iptables -A INPUT -p tcp --dport 25 -s 60.0.0.0/8 -j DROP

Can you please post here the rule you applied?
 
I use the Plesk control panel via web and go to the add custom rule page.
Headings and subheadings are as such:

Properties
Match Direction
Action

Ports

Sources <- this is the entry spot for the network.



This is an OS X installation btw. Doesn't mean much but some of the files are in different locations than that of Linux.
 
Initially I used deny incoming to port 25 from 60.0.0.0.
I still get connections via SMTP from the 60.0.0.0/8 network.
60.0.0.0/8 is not accepted in the Sources entry, as indicated by a pop-up error.

With this entry, mail was not delivered via POP to clients, nor was it forwarded via forwarder addresses. When the rule was removed, mail that had been on the server for 24 hours was delivered to clients immediately.

I've also tried setting it as a forward rule from 60.0.0.0 to any on port 25 as well. This seemed to have no effect at all on the mail system.

Thank you for your attention on this.
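
Added example, not part of the thread or of Plesk's own code: a Python check of which client addresses a firewall source entry covers when written as a bare address, in CIDR form, or in netmask form. It assumes a bare address means a single host (as iptables treats `-s`); the client addresses are constructed, and which notation the Plesk Sources field accepts is not stated in the thread.

```python
import ipaddress

# Constructed sample of SMTP client addresses (not from the thread).
CLIENTS = ["60.0.0.0", "60.12.34.56", "60.255.255.254", "61.0.0.1", "192.0.2.10"]


def parse_source(spec):
    """Parse a firewall source entry: 'a.b.c.d', 'a.b.c.d/len' or 'a.b.c.d/mask'.

    Assumption: a bare address means one host (/32), as iptables treats -s.
    strict=True rejects entries with host bits set, e.g. '60.1.2.3/8'.
    """
    return ipaddress.ip_network(spec, strict=True)


def blocked(spec, clients):
    """Return the clients whose address falls inside the source entry."""
    net = parse_source(spec)
    return [c for c in clients if ipaddress.ip_address(c) in net]


def notations(spec):
    """Show the same entry in CIDR and netmask form, plus its size."""
    net = parse_source(spec)
    return {
        "cidr": net.with_prefixlen,
        "netmask": net.with_netmask,
        "addresses": net.num_addresses,
    }


if __name__ == "__main__":
    for spec in ("60.0.0.0", "60.0.0.0/8", "60.0.0.0/255.0.0.0"):
        print(spec, notations(spec), blocked(spec, CLIENTS))
```

Running it shows that the bare entry matches only the single address 60.0.0.0, while the `/8` and `/255.0.0.0` entries cover the same 16,777,216 addresses.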
 