Re: (PM) Mail filter

Miquel van Smoorenburg (list-portmaster-users@news.cistron.nl)
10 Nov 1997 21:59:35 +0100

In article <01bcee19$2bb4e600$03d95ad1@mnworkstation.muznet.net>,
Richard Muzerolle <muzzy@muznet.net> wrote:
>We have been trying to set up a mail only filter. Can't seem to make it
>work. Have reviewed all the archives to no avail. This is what we have done
>so far:
>
>mail.in
>permit 0.0.0.0/0 our.dns.server.net/32
>permit 0.0.0.0/0 209.90.217.2/32 tcp dst eq 110
>permit 0.0.0.0/0 209.90.217.2/32 tcp dst eq 25
>permit icmp
>
>mail.out
>permit our.dns.server.net/32 0.0.0.0/0
>permit 209.90.217.2/32 0.0.0.0/0
>permit icmp
>
>Can receive but not send. Any help would be appreciated.

Try this:

add filter mailonly.in
set filter mailonly.in 1 permit icmp
set filter mailonly.in 2 permit udp dst eq 53
set filter mailonly.in 3 deny udp dst gt 33500
set filter mailonly.in 4 permit udp dst gt 33433
set filter mailonly.in 5 permit tcp 0.0.0.0/0 ournet/24 dst eq 25
set filter mailonly.in 6 permit tcp 0.0.0.0/0 ournet/24 dst eq 53
set filter mailonly.in 7 permit tcp 0.0.0.0/0 ournet/24 dst eq 110

add filter mailonly.out
set filter mailonly.out 1 permit icmp
set filter mailonly.out 2 permit udp
set filter mailonly.out 3 permit tcp established

Occasionally, this also allows traceroutes (rules 3&4 of the in. filter)

Mike.

-- 
   Miquel van      | Cistron Internet Services   --    Alphen aan den Rijn.
   Smoorenburg,    | mailto:info@cistron.nl          http://www.cistron.nl/
miquels@cistron.nl |       PTT's Het Net: Surfing in the kitchen sink!	<*>
-- 
The From: and Reply-To: addresses are internal mail2news gateway addresses.
Reply to the list or to miquels@cistron.nl (Miquel van Smoorenburg)
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
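To see what the mailonly.in / mailonly.out rule set above actually lets through, here is a small evaluator for that rule syntax. It is an added example, not code from the post, from Livingston, or from the PortMaster itself. It assumes the PortMaster semantics that rules are tried in numeric order, the first match decides, and a packet matching no rule is dropped; it treats "established" as "TCP ACK flag set"; it maps the post's placeholder "ournet/24" to the documentation prefix 192.0.2.0/24; and it accepts the protocol keyword either before or after the src/dst pair, since the thread shows both orders. All addresses and packets below are constructed for the example.

```python
"""Evaluator for PortMaster-style packet filter rules (added example).

Assumptions: rules are matched in numeric order, first match wins, no match
means drop; "established" matches only packets with the TCP ACK flag set;
the post's "ournet" placeholder is mapped to 192.0.2.0/24.
"""
import ipaddress
from dataclasses import dataclass

OURNET = "192.0.2.0"  # assumed substitution for the post's "ournet"


@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    ack: bool = False   # TCP ACK flag; "established" matches only when set


def _cidr(spec):
    return ipaddress.ip_network(spec.replace("ournet", OURNET), strict=False)


def parse_rule(line):
    """Parse one 'set filter NAME N permit|deny ...' line into a rule dict."""
    toks = line.split()
    if toks[:2] != ["set", "filter"]:
        raise ValueError("not a 'set filter' line: %r" % line)
    rule = {"name": toks[2], "num": int(toks[3]), "action": toks[4],
            "src": None, "dst": None, "proto": None,
            "srcport": None, "dstport": None, "established": False}
    rest, i = toks[5:], 0
    while i < len(rest):
        t = rest[i]
        if t in ("tcp", "udp", "icmp"):          # protocol, in either position
            rule["proto"], i = t, i + 1
        elif "/" in t:                            # "src/mask dst/mask" pair
            rule["src"], rule["dst"], i = _cidr(t), _cidr(rest[i + 1]), i + 2
        elif t in ("src", "dst"):                 # "src|dst eq|gt|lt PORT"
            rule[t + "port"], i = (rest[i + 1], int(rest[i + 2])), i + 3
        elif t == "established":
            rule["established"], i = True, i + 1
        else:
            raise ValueError("unknown token %r in %r" % (t, line))
    return rule


def load_filter(text, name):
    """Return the rules of filter NAME, in numeric order ('add filter' lines are skipped)."""
    rules = [parse_rule(l) for l in text.splitlines() if l.strip().startswith("set filter")]
    return sorted((r for r in rules if r["name"] == name), key=lambda r: r["num"])


def _port_ok(cond, port):
    if cond is None:
        return True
    op, n = cond
    return {"eq": port == n, "gt": port > n, "lt": port < n}[op]


def matches(rule, pkt):
    if rule["src"] is not None and ipaddress.ip_address(pkt.src) not in rule["src"]:
        return False
    if rule["dst"] is not None and ipaddress.ip_address(pkt.dst) not in rule["dst"]:
        return False
    if rule["proto"] is not None and rule["proto"] != pkt.proto:
        return False
    if rule["established"] and not pkt.ack:
        return False
    return _port_ok(rule["srcport"], pkt.sport) and _port_ok(rule["dstport"], pkt.dport)


def evaluate(rules, pkt):
    """(action, rule number) of the first matching rule; ('deny', None) on the implicit default deny."""
    for r in rules:
        if matches(r, pkt):
            return r["action"], r["num"]
    return "deny", None


# The rule set from the post, verbatim.
MAILONLY = """
add filter mailonly.in
set filter mailonly.in 1 permit icmp
set filter mailonly.in 2 permit udp dst eq 53
set filter mailonly.in 3 deny udp dst gt 33500
set filter mailonly.in 4 permit udp dst gt 33433
set filter mailonly.in 5 permit tcp 0.0.0.0/0 ournet/24 dst eq 25
set filter mailonly.in 6 permit tcp 0.0.0.0/0 ournet/24 dst eq 53
set filter mailonly.in 7 permit tcp 0.0.0.0/0 ournet/24 dst eq 110
add filter mailonly.out
set filter mailonly.out 1 permit icmp
set filter mailonly.out 2 permit udp
set filter mailonly.out 3 permit tcp established
"""
MAIL_IN = load_filter(MAILONLY, "mailonly.in")
MAIL_OUT = load_filter(MAILONLY, "mailonly.out")

if __name__ == "__main__":
    # Constructed sample packets: 198.51.100.7 is "outside", 192.0.2.25 is a host in ournet.
    for label, rules, pkt in [
        ("SMTP to ournet", MAIL_IN, Packet("198.51.100.7", "192.0.2.25", "tcp", 4000, 25)),
        ("HTTP to ournet", MAIL_IN, Packet("198.51.100.7", "192.0.2.25", "tcp", 4000, 80)),
        ("traceroute probe 33440", MAIL_IN, Packet("198.51.100.7", "192.0.2.25", "udp", 40000, 33440)),
        ("udp to 33600", MAIL_IN, Packet("198.51.100.7", "192.0.2.25", "udp", 40000, 33600)),
        ("outbound TCP SYN", MAIL_OUT, Packet("192.0.2.25", "198.51.100.7", "tcp", 4000, 25)),
        ("outbound TCP with ACK", MAIL_OUT, Packet("192.0.2.25", "198.51.100.7", "tcp", 4000, 25, ack=True)),
    ]:
        print("%-24s -> %s" % (label, evaluate(rules, pkt)))
```

Two things fall out of running it that the rule listing does not spell out: the deny/permit order in rules 3 and 4 leaves a UDP window of exactly 33434 through 33500 (gt means strictly greater), which is why traceroute probes get through; and because the .out filter only has "permit tcp established", a TCP segment without ACK is dropped in that direction, so no new TCP connection can be opened through it, only replies to connections permitted by the .in side.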