Trying to block port 25



  • I try to block all access to port 25, except to some trusted mail servers.

    This is what I do:

    • create an alias named mailserver that contains a list of my trusted mail server IP addresses
    • create block rule: source:*  port:*  dest:!mailserver  port:25
    • another block rule: source:!mailserver port:25 dest:* port:*

    So, what's wrong with these rules?
    Why can't I still access any IP listed in the mailserver alias?

    tia
    rex



  • Only your first rule should have worked as long as there is no allow rule above this one for this kind of traffic and an allow rule for other traffic below this.
    block protocol tcp, source IP any, sourceport any, destination IP ! MAILSERVER, destination port 25

    You also could define this rule like this:
    pass protocol tcp, source IP any, sourceport any, destination IP MAILSERVER, destination port 25
    block protocol tcp, source IP any, sourceport any, destination IP any, destination port 25

    Check your rules order. However, I don't understand your second rule.
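
Added example, not part of the thread: a small first-match rule evaluator comparing the rule sets discussed above. It assumes rules are checked top to bottom with the first match winning and unmatched traffic blocked; the alias addresses, the client address and the allow-everything rule are constructed for illustration.

```python
from ipaddress import ip_address

# Constructed sample alias (documentation addresses), not from the thread.
MAILSERVER = {ip_address("192.0.2.10"), ip_address("192.0.2.11")}
ANY = None  # wildcard for an address or a port

def addr_match(spec, ip):
    """spec is ANY, an alias set, or ("!", alias set) for a negated alias."""
    if spec is ANY:
        return True
    if isinstance(spec, tuple):
        return ip not in spec[1]
    return ip in spec

def port_match(spec, port):
    return spec is ANY or spec == port

def evaluate(rules, src, sport, dst, dport):
    """First matching rule wins; no match falls through to a block (assumed)."""
    src, dst = ip_address(src), ip_address(dst)
    for action, rsrc, rsport, rdst, rdport in rules:
        if (addr_match(rsrc, src) and port_match(rsport, sport)
                and addr_match(rdst, dst) and port_match(rdport, dport)):
            return action
    return "block"

NOT_MAIL = ("!", MAILSERVER)
ALLOW_REST = ("pass", ANY, ANY, ANY, ANY)  # hypothetical allow rule for other traffic

# Rules as posted in the question: two block rules, nothing that passes.
posted = [("block", ANY, ANY, NOT_MAIL, 25),
          ("block", NOT_MAIL, 25, ANY, ANY)]
# First variant from the reply: negated block with an allow rule below it.
negated = [("block", ANY, ANY, NOT_MAIL, 25), ALLOW_REST]
# Second variant from the reply: pass the alias, then block all of port 25.
pass_then_block = [("pass", ANY, ANY, MAILSERVER, 25),
                   ("block", ANY, ANY, ANY, 25), ALLOW_REST]
# Ordering mistake: a broad allow rule above the block shadows it.
shadowed = [ALLOW_REST, ("block", ANY, ANY, NOT_MAIL, 25)]

def verdicts(rules, client="10.0.0.5"):
    """Return (trusted SMTP, untrusted SMTP, HTTPS) verdicts for one client."""
    return (evaluate(rules, client, 40000, "192.0.2.10", 25),
            evaluate(rules, client, 40000, "198.51.100.7", 25),
            evaluate(rules, client, 40000, "198.51.100.7", 443))
```

Under these assumptions, the two block rules alone leave nothing that passes traffic to the alias, while both variants from the reply pass SMTP to the alias and block it everywhere else.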



  • His second rule
    is blocking email servers that are sending through port 25 that are not on his list





  • In your rule, do you have
    ! mailserver
    or do you have
    !mailserver
    ???

    !mailserver is correct
    The picture is not clear on this

