
    Trying to block port 25

      rexster

      I am trying to block all access to port 25, except to some trusted mail servers.

      This is what I do:

      • create an alias named mailserver that contains a list of my trusted mail server IP addresses
      • create block rule: source:*  port:*  dest:!mailserver  port:25
      • another block rule: source:!mailserver port:25 dest:* port:*

      So, what's wrong with these rules?
      Why can I still not access any IP listed in the mailserver alias?

      tia
      rex

      http://www.GoBlogLah.com

        hoba

        Only your first rule should have worked as long as there is no allow rule above this one for this kind of traffic and an allow rule for other traffic below this.
        block protocol tcp, source IP any, sourceport any, destination IP ! MAILSERVER, destination port 25

        You also could define this rule like this:
        pass protocol tcp, source IP any, sourceport any, destination IP MAILSERVER, destination port 25
        block protocol tcp, source IP any, sourceport any, destination IP any, destination port 25

        Check your rules order. However, I don't understand your second rule.

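The two rule sets described in the reply above, and the effect of rule order, run through a small top-down, first-match evaluator. This is an added example, not part of any post in the thread and not pfSense code; it assumes first-match-wins evaluation with an implicit block for unmatched traffic, and the alias addresses and sample flows are constructed.

```python
import ipaddress

# Constructed stand-in for the "mailserver" alias (documentation addresses);
# the thread never lists the real IPs.
MAILSERVER = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.11")}

def rule(action, dst, dport):
    """TCP rule with source any / source port any, as in the thread.
    dst is 'any', 'MAILSERVER' or '!MAILSERVER'; dport is 'any' or an int."""
    return {"action": action, "dst": dst, "dport": dport}

def dst_matches(spec, ip):
    if spec == "any":
        return True
    in_alias = ipaddress.ip_address(ip) in MAILSERVER
    return not in_alias if spec.startswith("!") else in_alias

def evaluate(rules, dst_ip, dst_port, default="block"):
    """Walk the list top-down; the first matching rule decides."""
    for r in rules:
        if dst_matches(r["dst"], dst_ip) and r["dport"] in ("any", dst_port):
            return r["action"]
    return default  # nothing matched: implicit block

ALLOW_REST = rule("pass", "any", "any")  # "allow rule for other traffic below"

# Form 1: one block rule with a negated alias as destination.
FORM_1 = [rule("block", "!MAILSERVER", 25), ALLOW_REST]
# Form 2: pass to the alias first, then block every other port-25 destination.
FORM_2 = [rule("pass", "MAILSERVER", 25), rule("block", "any", 25), ALLOW_REST]
# Form 2 with its first two rules swapped: the broad block now matches first.
FORM_2_SWAPPED = [FORM_2[1], FORM_2[0], ALLOW_REST]
# Form 1 with an allow rule above it: the block rule is never reached.
ALLOW_ABOVE = [ALLOW_REST] + FORM_1

# Constructed flows: trusted server on 25, untrusted host on 25, untrusted on 443.
FLOWS = [("192.0.2.10", 25), ("203.0.113.5", 25), ("203.0.113.5", 443)]

def decisions(rules):
    return [evaluate(rules, ip, port) for ip, port in FLOWS]

if __name__ == "__main__":
    for name, rs in [("form 1", FORM_1), ("form 2", FORM_2),
                     ("form 2 swapped", FORM_2_SWAPPED), ("allow above", ALLOW_ABOVE)]:
        print(f"{name:15} {decisions(rs)}")
```

Forms 1 and 2 give identical decisions; swapping the pass and block rules blocks port 25 to the trusted servers as well, and an allow rule placed above lets all port 25 traffic through.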
          jeroen234

          His second rule
          is blocking email servers that are sending through port 25 that are not on his list.

            rexster

            This is the exact order:
            [image]

            Yet, I still can't access my mail server.
            All port 25 blocked with no exception.

            http://www.GoBlogLah.com

              jeroen234

              In your rule, do you have
              ! mailserver
              or do you have
              !mailserver
              ???

              !mailserver is correct
              The picture is not clear on this.
