Author Topic: edit iptables to block port 25 outgoing  (Read 1345 times)

pctectx

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
edit iptables to block port 25 outgoing
« on: September 23, 2014, 01:31:48 pm »
Hi,

I am logged in with putty and using the vi editor but the firewall.conf file is read only and I cannot save it.
Trying to add the following line: 
iptables-t nat-A PREROUTING-i eth0-p tcp - dport 25-j DNAT - to-destination 10.1.1.254

Is there another way to do this?

pctectx

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: edit iptables to block port 25 outgoing
« Reply #1 on: September 23, 2014, 11:40:57 pm »
I've done the following and hope that this will actually block port 25 as we do not use it.

In Zentyal CE 3.5:
1) I went to Network and clicked on Services
2) Click Add New: TCP/UDP: Source port 25 and Destination port 25.  I know smtp uses TCP but added UDP just to be sure.  Click Add.
3) Click Firewall - Packet Filter - 1st Option: Filtering rules from internal networks to Zentyal - Click Configure Rules
4) Click Add New - Decision = DENY,  Source = Any,  Service = smtp (the one created in Step 2) - Click Add
5) Click Save and Save.
Once again, I am not really sure if the above will do what I want it to do - stop botnets and spam bots from sending mail via my Zentyal server!
6) for extra peace of mind I also applied the above to:  Filtering rules for Internal networks.

Will the above make port 25 a bit more secure?  Like applying: 
iptables -I FORWARD -p tcp --dport 25 -o eth1 -j DROP 
or:
iptables-t nat-A PREROUTING-i eth1-p tcp - dport 25-j DNAT - to-destination 10.1.1.254

Maybe this will help others as well.