Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: pctectx on September 23, 2014, 01:31:48 pm
-
Hi,
I am logged in with putty and using the vi editor but the firewall.conf file is read only and I cannot save it.
Trying to add the following line:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.1.1.254
Is there another way to do this?
-
I've done the following and hope that this will actually block port 25 as we do not use it.
In Zentyal CE 3.5:
1) I went to Network and clicked on Services
2) Click Add New: TCP/UDP: Source port 25 and Destination port 25. I know smtp uses TCP but added UDP just to be sure. Click Add.
3) Click Firewall - Packet Filter - 1st Option: Filtering rules from internal networks to Zentyal - Click Configure Rules
4) Click Add New - Decision = DENY, Source = Any, Service = smtp (the one created in Step 2) - Click Add
5) Click Save and Save.
Once again, I am not really sure if the above will do what I want it to do - stop botnets and spam bots from sending mail via my Zentyal server!
6) For extra peace of mind I also applied the above to: Filtering rules for Internal networks.
Will the above make port 25 a bit more secure? Like applying:
iptables -I FORWARD -p tcp --dport 25 -o eth1 -j DROP
or:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to-destination 10.1.1.254
Maybe this will help others as well.
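
An iptables rule that names both a source port and a destination port matches only packets carrying both values, and SMTP clients normally connect from an ephemeral source port. The following is an added example, not part of the original posts: a simplified matcher run over two constructed rules. It assumes a service defined with source port 25 and destination port 25 ends up as a rule with both `--sport 25` and `--dport 25`; the chain name and the client port 49152 are constructed.

```shell
#!/bin/sh
# Added example: simplified matcher for the port options of an iptables rule.
# It understands only -p, --sport and --dport with single port numbers and
# expects well-formed rule text (every option followed by its value).

# Constructed rules in iptables-save style.
# Assumption: a service with source port 25 AND destination port 25 becomes this.
RULE_BOTH_PORTS='-A INPUT -p tcp --sport 25 --dport 25 -j DROP'
# A rule that only pins the destination port.
RULE_DPORT_ONLY='-A INPUT -p tcp --dport 25 -j DROP'

# rule_matches RULE PROTO SPORT DPORT
# Exit status 0 if a packet with these values matches the rule, 1 otherwise.
rule_matches() {
    rule=$1; proto=$2; sport=$3; dport=$4
    r_proto=""; r_sport=""; r_dport=""
    # Word-split the rule text on purpose to walk its options.
    set -- $rule
    while [ $# -gt 0 ]; do
        case $1 in
            -p|--protocol)              r_proto=$2; shift ;;
            --sport|--source-port)      r_sport=$2; shift ;;
            --dport|--destination-port) r_dport=$2; shift ;;
        esac
        shift
    done
    # An option that is absent from the rule matches any value.
    [ -z "$r_proto" ] || [ "$r_proto" = "$proto" ] || return 1
    [ -z "$r_sport" ] || [ "$r_sport" = "$sport" ] || return 1
    [ -z "$r_dport" ] || [ "$r_dport" = "$dport" ] || return 1
    return 0
}

# Constructed packet: a mail client connecting from ephemeral port 49152 to port 25.
for r in "$RULE_BOTH_PORTS" "$RULE_DPORT_ONLY"; do
    if rule_matches "$r" tcp 49152 25; then
        echo "MATCH     $r"
    else
        echo "NO MATCH  $r"
    fi
done
```

On a live system the generated rules can be listed with `iptables-save` (as root) and compared against the two forms above.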