Trying to block port 25
-
i try to block all access to port 25, except to some trusted mail server.
this is what i do:
- create an alias name mailserver that contain a list of my trusted mail server ip addresses
- create block rule: source:* port:* dest:!mailserver port:25
- another block rule: source:!mailserver port:25 dest:* port:*
so, what's wrong with these rules?
why i still cant access to any ip listed in mailserver alias?tia
rex
-
Only your first rule should have worked as long as there is no allow rule above this one for this kind of traffic and an allow rule for other traffic below this.
bock protocol tcp source IP any, sourceport any, destination IP ! MAILSERVER, destination port 25You also could define this rule like this:
pass protocol tcp source IP any , sourceport any, destination IP MAILSERVER, destination port 25
block protocol tcp, source IP any, sourceport any, destination IP any, destination port 25Check your rules order. However, I don't understand your second rule.
-
his secend rule
is blokking emailservers that are sending trou port 25 that are not on his list
-
this is the exact order:
-
in youre rule you have
! mailserver
or do you have
!mailserver
???!mailserver is correct
picture is not clear in this