Iptables: block ports for email sending
IN openVZ you may block the in/out on some ports for containers using CT IP address. On the server node use the next schema:
Block outgoing port
iptables -A FORWARD -d <CT.IP.ADD.RESS>/32 -p tcp -m tcp --dport <BLOCK_OUT_PORT_FROM_CT> -j DROP
Block in port
iptables -A FORWARD -s <CT.IP.ADD.RESS>/32 -p tcp -m tcp --dport <BLOCK_IN_PORT_TO_CT> -j DROP
IN current examle we'll block the usual ports used to send email in/out, in this way we'll prevent spam /email sending for container. Note that if container have sevral IP's attached you need to add rule for each assigned IP address.
iptables -A FORWARD -d 91.239.64.133/32 -p tcp -m tcp --dport 587 -j DROP iptables -A FORWARD -d 91.239.64.133/32 -p tcp -m tcp --dport 465 -j DROP iptables -A FORWARD -d 91.239.64.133/32 -p tcp -m tcp --dport 25 -j DROP
iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 587 -j DROP iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 465 -j DROP iptables -A FORWARD -s 91.239.64.133/32 -p tcp -m tcp --dport 25 -j DROP
And save changed iptables config:
iptables-save >/etc/sysconfig/iptables
""