Try this:
add filter mailonly.in
set filter mailonly.in 1 permit icmp
set filter mailonly.in 2 permit udp dst eq 53
set filter mailonly.in 3 deny udp dst gt 33500
set filter mailonly.in 4 permit udp dst gt 33433
set filter mailonly.in 5 permit tcp 0.0.0.0/0 ournet/24 dst eq 25
set filter mailonly.in 6 permit tcp 0.0.0.0/0 ournet/24 dst eq 53
set filter mailonly.in 7 permit tcp 0.0.0.0/0 ournet/24 dst eq 110
add filter mailonly.out
set filter mailonly.out 1 permit icmp
set filter mailonly.out 2 permit udp
set filter mailonly.out 3 permit tcp established
Occasionally, this also allows traceroutes (rules 3 & 4 of the in. filter).
Mike.
--
Miquel van         | Cistron Internet Services -- Alphen aan den Rijn.
Smoorenburg,       | mailto:info@cistron.nl http://www.cistron.nl/
miquels@cistron.nl | PTT's Het Net: Surfing in the kitchen sink!
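The following is an added example, not part of the original post: a small Python model of the mailonly.in rules that shows which packets each rule lets in, including the UDP window left open by rules 3 and 4 (33434 to 33500, the range traceroute probes start from by default). It assumes the filter is evaluated first-match with an implicit deny when no rule matches, and it uses the documentation network 192.0.2.0/24 as a constructed stand-in for ournet/24.

```python
# Added illustration: models the mailonly.in rules quoted in the post.
# Assumptions: the first matching rule wins, no match means deny, and
# 192.0.2.0/24 is a constructed placeholder for "ournet/24".
import ipaddress

OURNET = ipaddress.ip_network("192.0.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# (action, protocol, destination network, port operator, port)
MAILONLY_IN = [
    ("permit", "icmp", ANY, None, None),    # rule 1
    ("permit", "udp", ANY, "eq", 53),       # rule 2
    ("deny", "udp", ANY, "gt", 33500),      # rule 3
    ("permit", "udp", ANY, "gt", 33433),    # rule 4
    ("permit", "tcp", OURNET, "eq", 25),    # rule 5
    ("permit", "tcp", OURNET, "eq", 53),    # rule 6
    ("permit", "tcp", OURNET, "eq", 110),   # rule 7
]


def port_matches(op, want, got):
    """Apply a rule's port comparison; a rule without one matches any port."""
    if op is None:
        return True
    if got is None:
        return False
    return {"eq": got == want, "gt": got > want, "lt": got < want}[op]


def evaluate(rules, proto, dst_ip, dst_port=None):
    """Return (action, rule_number); rule_number is None for the implicit deny."""
    dst = ipaddress.ip_address(dst_ip)
    for number, (action, r_proto, net, op, port) in enumerate(rules, 1):
        if r_proto == proto and dst in net and port_matches(op, port, dst_port):
            return action, number
    return "deny", None


def permitted_udp_ports(rules, dst_ip):
    """List every UDP destination port the filter lets through to dst_ip."""
    return [p for p in range(1, 65536)
            if evaluate(rules, "udp", dst_ip, p)[0] == "permit"]


if __name__ == "__main__":
    ports = permitted_udp_ports(MAILONLY_IN, "192.0.2.10")
    print("inbound UDP allowed:", ports[0], "and", ports[1], "-", ports[-1])
    print("tcp/25 :", evaluate(MAILONLY_IN, "tcp", "192.0.2.10", 25))
    print("tcp/80 :", evaluate(MAILONLY_IN, "tcp", "192.0.2.10", 80))
```

Running the same enumeration after any rule change is a quick way to confirm that reordering rules 3 and 4 or widening a comparison has not opened more inbound UDP than intended.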