
Firewall custom rules

Discussion in 'Plesk for Linux - 8.x and Older' started by wgc0, Nov 8, 2007.

  1. wgc0

    wgc0 Guest

    I have created some custom rules in the firewall to block port 25 from certain IP blocks. Initially I did this as a deny incoming and all mail delivery to clients stopped. I then set it as a deny forward to any from the IP block but it does not seem to have any effect.
    Specifically, how does one indicate a network to the firewall rules? Does it take 60.0.0.0 to mean the whole of the 60.0.0.0/8 network? Current evidence shows it does not. If not, what convention am I supposed to use to indicate this network?

    Thanks for any assistance.
     
  2. Satoriya

    Satoriya Guest

    Hi,

    If you wish to prevent connection to port 25 from network 60.0.0.0/8, a firewall rule should be like this:

    # iptables -A INPUT -p tcp --dport 25 -s 60.0.0.0/8 -j DROP

    Can you please post here the rule you applied?
     
  3. wgc0

    wgc0 Guest

    I use the Plesk control panel via web and go to the add custom rule page.
    Headings and subheadings are as such:

    Properties
    Match Direction
    Action

    Ports

    Sources <- this is the entry spot for the network.



    This is an OS X installation btw. Doesn't mean much but some of the files are in different locations than that of Linux.
     
  4. wgc0

    wgc0 Guest

    Initially I used deny incoming to port 25 from 60.0.0.0
    I still get connections via smtp from the 60.0.0.0/8 network.
    60.0.0.0/8 is not accepted in the sources entry indicated with a pop up error.

    With this entry mail was not delivered via POP to clients nor was it forwarded via forwarder addresses. When the rule was removed mail was delivered to clients immediately that had been on the server for 24 hours.

    I've also tried setting it as a forward rule from 60.0.0.0 to any on port 25 as well. This seemed to have no effect at all on the mail system.

    Thank you for your attention on this.
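
Added example, not part of the thread: a small shell check of which source addresses a rule covers when it is written as `60.0.0.0` versus `60.0.0.0/8`. It assumes a source with no mask is read as a single host (/32), which is how iptables reads `-s`; whether the Plesk firewall form does the same is an assumption, and the function names and sample addresses are constructed.

```shell
#!/bin/sh
# Added example: which sources does a rule cover as "60.0.0.0" vs "60.0.0.0/8"?
# Assumption: a source with no mask means one host (/32), as with iptables -s.

# ip_to_int ADDR: print a dotted-quad IPv4 address as an integer.
ip_to_int() {
    local old_ifs o
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# source_matches SPEC ADDR: 0 if ADDR is inside SPEC, 1 if not, 2 if malformed.
source_matches() {
    local net len mask net_i addr_i
    net=${1%%/*}; len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*|0?*|???*) return 2 ;; esac
    [ "$len" -le 32 ] || return 2
    net_i=$(ip_to_int "$net") || return 2
    addr_i=$(ip_to_int "$2") || return 2
    # Keep the top $len bits; 4294967295 is 0xFFFFFFFF.
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $net_i & $mask )) -eq $(( $addr_i & $mask )) ]
}

# count_matches SPEC ADDR...: print how many of the addresses SPEC covers.
count_matches() {
    local spec n a
    spec=$1; n=0; shift
    for a in "$@"; do
        if source_matches "$spec" "$a"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Constructed SMTP client addresses (three of them inside 60.0.0.0/8).
SAMPLES="60.0.0.0 60.12.34.56 60.255.255.254 61.0.0.1 192.0.2.25"
echo "60.0.0.0   covers $(count_matches 60.0.0.0 $SAMPLES) of 5 sample sources"
echo "60.0.0.0/8 covers $(count_matches 60.0.0.0/8 $SAMPLES) of 5 sample sources"
```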
     