Iptables: block ports for email sending

From vpsget wiki
Revision as of 00:02, 29 November 2016 by Ndi (Created page with "IN openVZ you may block the in/out on some ports for containers using CT IP address. On the server node use the next schema: Block outgoing port iptables -A FORWARD -d <CT.I...")

In OpenVZ you can block inbound or outbound traffic on selected ports for a container by matching the container's (CT) IP address. Container traffic passes through the FORWARD chain of the server node (the host), so the rules are added there. Use the following schema:

Block an outgoing port (connections the container opens to that port on a remote host; the container's IP is the source):

iptables -A FORWARD -s <CT.IP.ADD.RESS>/32 -p tcp -m tcp --dport <BLOCK_OUT_PORT_FROM_CT> -j DROP

Block an incoming port (connections from outside to that port on the container; the container's IP is the destination):

iptables -A FORWARD -d <CT.IP.ADD.RESS>/32 -p tcp -m tcp --dport <BLOCK_IN_PORT_TO_CT> -j DROP

Note the direction: --dport is the port the connection is going to, so -s <CT IP> matches what the container sends out and -d <CT IP> matches what arrives at the container.

In the current example we block the ports commonly used to send email (25, 465 and 587) in both directions, which prevents the container from sending mail or spam. Note that if the container has several IP addresses attached, you need to add the full rule set for each assigned IP address.

# inbound: drop connections from outside to the container's mail ports
iptables -A FORWARD -d 91.239.64.133/32 -p tcp -m tcp --dport 587 -j DROP
iptables -A FORWARD -d 91.239.64.133/32 -p tcp -m tcp --dport 465 -j DROP
iptables -A FORWARD -d 91.239.64.133/32 -p tcp -m tcp --dport 25 -j DROP
# outbound: drop connections the container opens to remote mail servers
iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 587 -j DROP
iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 465 -j DROP
iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 25 -j DROP


Then save the changed iptables configuration so the rules survive a reboot (this is the file the iptables service reads on RHEL/CentOS hosts):

iptables-save >/etc/sysconfig/iptables
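As an added example (not from the vpsget wiki), the following POSIX shell script generates the same six FORWARD rules for every IP address assigned to a container and applies them only if they are not already present, so it can be re-run safely when a second IP is added. The helper names, the DRY_RUN variable and the sample IP 10.0.0.2 are assumptions.

```shell
#!/bin/sh
# Added example, not part of the vpsget wiki page. Builds the FORWARD rules
# that block SMTP ports 25, 465 and 587 for each IP assigned to a container
# (CT), in both directions, and applies them idempotently on the host node.
# Assumed: iptables is on the host; CT IPs are passed as arguments.

SMTP_PORTS="25 465 587"

# Print one rule specification per line (everything after "-A FORWARD")
# for a single CT IP. "-s" matches connections the container opens to a
# remote mail server (outbound); "-d" matches connections arriving at
# the container's own mail ports (inbound).
smtp_block_rules() {
    ip="$1"
    for port in $SMTP_PORTS; do
        printf '%s %s/32 -p tcp -m tcp --dport %s -j DROP\n' -s "$ip" "$port"
        printf '%s %s/32 -p tcp -m tcp --dport %s -j DROP\n' -d "$ip" "$port"
    done
}

# Total number of rules for all supplied IPs (six per IP).
count_rules() {
    n=0
    for ip in "$@"; do
        n=$((n + $(smtp_block_rules "$ip" | wc -l)))
    done
    echo "$n"
}

# Add each rule unless it is already present (iptables -C exits 0 when the
# exact rule exists), so re-running after adding a second IP is safe.
# With DRY_RUN set, print the commands instead of executing them.
apply_smtp_block() {
    for ip in "$@"; do
        smtp_block_rules "$ip" | while IFS= read -r spec; do
            if [ -n "${DRY_RUN:-}" ]; then
                echo "iptables -A FORWARD $spec"
            elif ! iptables -C FORWARD $spec 2>/dev/null; then
                iptables -A FORWARD $spec
            fi
        done
    done
}

# Usage on the host node, then persist as the page describes:
#   apply_smtp_block 91.239.64.133 && iptables-save >/etc/sysconfig/iptables
```

Run with DRY_RUN=1 first to review the exact commands, then verify the result with iptables -L FORWARD -n --line-numbers.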
