Difference between revisions of "Iptables: block ports for email sending"

From vpsget wiki
Jump to: navigation, search
(Created page with "IN openVZ you may block the in/out on some ports for containers using CT IP address. On the server node use the next schema: Block outgoing port iptables -A FORWARD -d <CT.I...")
 
Line 17: Line 17:
 
  iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 25 -j DROP
 
  iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 25 -j DROP
  
 +
 +
If this is not a container, but a KVM virtual machine, then the following rules should be applied (example):
 +
 +
iptables -I FORWARD 1 -d 213.108.199.10 -p tcp -m tcp --dport 25 -j DROP
 +
iptables -I FORWARD 1 -s 213.108.199.10 -p tcp -m tcp --dport 25 -j DROP
  
 
And save changed iptables config:
 
And save changed iptables config:

Revision as of 14:56, 29 January 2021

IN openVZ you may block the in/out on some ports for containers using CT IP address. On the server node use the next schema:

Block outgoing port

iptables -A FORWARD -d <CT.IP.ADD.RESS>/32 -p tcp -m tcp --dport <BLOCK_OUT_PORT_FROM_CT> -j DROP

Block in port

iptables -A FORWARD -s <CT.IP.ADD.RESS>/32 -p tcp -m tcp --dport <BLOCK_IN_PORT_TO_CT> -j DROP

IN current examle we'll block the usual ports used to send email in/out, in this way we'll prevent spam /email sending for container. Note that if container have sevral IP's attached you need to add rule for each assigned IP address.

iptables -A FORWARD -d 91.239.64.133/32 -p tcp -m tcp --dport 587 -j DROP
iptables -A FORWARD -d 91.239.64.133/32 -p tcp -m tcp --dport 465 -j DROP
iptables -A FORWARD -d 91.239.64.133/32 -p tcp -m tcp --dport 25 -j DROP
iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 587 -j DROP
iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 465 -j DROP
iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 25 -j DROP


If this is not a container, but a KVM virtual machine, then the following rules should be applied (example):

iptables -I FORWARD 1 -d 213.108.199.10 -p tcp -m tcp --dport 25 -j DROP iptables -I FORWARD 1 -s 213.108.199.10 -p tcp -m tcp --dport 25 -j DROP

And save changed iptables config:

iptables-save >/etc/sysconfig/iptables

""