Difference between revisions of "Iptables: block ports for email sending"
(Created page with "IN openVZ you may block the in/out on some ports for containers using CT IP address. On the server node use the next schema: Block outgoing port iptables -A FORWARD -d <CT.I...") |
|||
Line 17: | Line 17: | ||
iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 25 -j DROP | iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 25 -j DROP | ||
+ | |||
+ | If this is not a container, but a KVM virtual machine, then the following rules should be applied (example): | ||
+ | |||
+ | iptables -I FORWARD 1 -d 213.108.199.10 -p tcp -m tcp --dport 25 -j DROP | ||
+ | iptables -I FORWARD 1 -s 213.108.199.10 -p tcp -m tcp --dport 25 -j DROP | ||
And save changed iptables config: | And save changed iptables config: |
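Review bot: the added KVM example drops only port 25, while the container example on the same page also drops 587 and 465, so a reader copying the KVM rules leaves the submission ports open; consider listing all three ports here or stating that only 25 is intended. The new rules also use "-I FORWARD 1" where the surrounding container rule uses "-A FORWARD", and the text does not say why a KVM guest needs the rule inserted at the top of the chain; one sentence explaining that would help.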
Revision as of 14:56, 29 January 2021
In OpenVZ you can block inbound/outbound traffic on selected ports for containers by matching on the CT IP address. On the server node, use the following scheme:
Block outgoing port
iptables -A FORWARD -d <CT.IP.ADD.RESS>/32 -p tcp -m tcp --dport <BLOCK_OUT_PORT_FROM_CT> -j DROP
Block in port
iptables -A FORWARD -s <CT.IP.ADD.RESS>/32 -p tcp -m tcp --dport <BLOCK_IN_PORT_TO_CT> -j DROP
In the current example we block the usual ports used to send email, in and out, which prevents the container from sending spam/email. Note that if the container has several IPs attached, you need to add a rule for each assigned IP address.
iptables -A FORWARD -d 91.239.64.133/32 -p tcp -m tcp --dport 587 -j DROP
iptables -A FORWARD -d 91.239.64.133/32 -p tcp -m tcp --dport 465 -j DROP
iptables -A FORWARD -d 91.239.64.133/32 -p tcp -m tcp --dport 25 -j DROP
iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 587 -j DROP
iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 465 -j DROP
iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 25 -j DROP
If this is not a container, but a KVM virtual machine, then the following rules should be applied (example):
iptables -I FORWARD 1 -d 213.108.199.10 -p tcp -m tcp --dport 25 -j DROP
iptables -I FORWARD 1 -s 213.108.199.10 -p tcp -m tcp --dport 25 -j DROP
Then save the changed iptables configuration:
iptables-save >/etc/sysconfig/iptables
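For a container with several assigned IPs, the per-IP rules above can be generated instead of typed by hand. The script below is an added example, not part of the original page: the names valid_ipv4, mail_block_rules and MAIL_PORTS are hypothetical, and the 192.0.2.x addresses are constructed sample values. It only prints commands, each guarded with iptables -C so that re-running does not append duplicates.

```shell
#!/bin/sh
# Added example: print idempotent FORWARD rules that drop mail ports for each IP.
MAIL_PORTS="25 465 587"   # the same ports the page blocks

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
# Rejecting anything else keeps shell metacharacters out of the generated commands.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# mail_block_rules IP...: print one check-then-append command per IP, match and port.
mail_block_rules() {
    for ip in "$@"; do
        if ! valid_ipv4 "$ip"; then
            echo "skipping invalid address: $ip" >&2
            continue
        fi
        for flag in -d -s; do   # -d matches the destination address, -s the source
            for port in $MAIL_PORTS; do
                rule="FORWARD $flag $ip/32 -p tcp -m tcp --dport $port -j DROP"
                # -C tests whether the rule already exists; -A runs only if it does not
                echo "iptables -C $rule 2>/dev/null || iptables -A $rule"
            done
        done
    done
    return 0
}

# Constructed sample: one container with two assigned addresses.
mail_block_rules 192.0.2.10 192.0.2.11
```

Review the printed commands, pipe them to sh on the server node, then save the configuration as shown above.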