Well I don't feel like debugging your filter this time at night :) but
FWIW, here's mine. It only allows ping, DNS, pop3 and smtp. Traceroute
is also blocked for no particular reason.
195.65.68.0/26 and 195.64.65.0/26 are our local networks with the
pop3, dns and smtp servers on it.

del filter mailonly.in
del filter mailonly.out

add filter mailonly.in
set filter mailonly.in 1 permit icmp
set filter mailonly.in 2 permit udp dst eq 53
set filter mailonly.in 3 deny udp dst gt 33500
set filter mailonly.in 4 permit udp dst gt 33433
set filter mailonly.in 5 permit tcp 0.0.0.0/0 195.64.65.0/26 dst eq 25
set filter mailonly.in 6 permit tcp 0.0.0.0/0 195.64.68.0/26 dst eq 25
set filter mailonly.in 7 permit tcp 0.0.0.0/0 195.64.65.0/26 dst eq 53
set filter mailonly.in 8 permit tcp 0.0.0.0/0 195.64.68.0/26 dst eq 53
set filter mailonly.in 9 permit tcp 0.0.0.0/0 195.64.65.0/26 dst eq 110
set filter mailonly.in 10 permit tcp established

add filter mailonly.out
set filter mailonly.out 1 permit icmp
set filter mailonly.out 2 permit udp
set filter mailonly.out 3 permit tcp 195.64.65.0/26 0.0.0.0/0 dst eq 25
set filter mailonly.out 4 permit tcp 195.64.68.0/26 0.0.0.0/0 dst eq 25
set filter mailonly.out 5 permit tcp established

Mike.
--
Miquel van Smoorenburg | The dyslexic, agnostic, insomniac lay in his bed
  miquels@cistron.nl   | awake all night wondering if there is a doG

The From: and Reply-To: addresses are internal mail2news gateway addresses.
Reply to the list or to miquels@cistron.nl (Miquel van Smoorenburg)
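
To check what the mailonly.in filter in the message above lets through, the rules can be replayed against sample packets. This is an added example, not part of the original post and not PortMaster code. It assumes first-match-wins evaluation, an implicit deny when no rule matches, and that "established" means a TCP packet with ACK or RST set; the packet dictionary fields (proto, src, dst, dport, ack_or_rst) are hypothetical names.

```python
import ipaddress

# The mailonly.in rules exactly as posted in the message above.
RULES = """\
set filter mailonly.in 1 permit icmp
set filter mailonly.in 2 permit udp dst eq 53
set filter mailonly.in 3 deny udp dst gt 33500
set filter mailonly.in 4 permit udp dst gt 33433
set filter mailonly.in 5 permit tcp 0.0.0.0/0 195.64.65.0/26 dst eq 25
set filter mailonly.in 6 permit tcp 0.0.0.0/0 195.64.68.0/26 dst eq 25
set filter mailonly.in 7 permit tcp 0.0.0.0/0 195.64.65.0/26 dst eq 53
set filter mailonly.in 8 permit tcp 0.0.0.0/0 195.64.68.0/26 dst eq 53
set filter mailonly.in 9 permit tcp 0.0.0.0/0 195.64.65.0/26 dst eq 110
set filter mailonly.in 10 permit tcp established
"""

def parse(line):
    tok = line.split()[3:]  # drop "set filter <name>"
    rule = {"n": int(tok[0]), "action": tok[1], "proto": tok[2],
            "src": None, "dst": None, "port": None}
    rest = tok[3:]
    if len(rest) >= 2 and "/" in rest[0]:  # optional "src/len dst/len" pair
        rule["src"], rule["dst"] = (ipaddress.ip_network(x) for x in rest[:2])
        rest = rest[2:]
    if rest[:1] == ["dst"]:  # optional "dst eq|gt|lt <port>"
        rule["port"], rest = (rest[1], int(rest[2])), rest[3:]
    rule["est"] = rest == ["established"]
    return rule

def matches(r, p):
    if r["proto"] != p["proto"]:
        return False
    for key in ("src", "dst"):
        if r[key] is not None and ipaddress.ip_address(p[key]) not in r[key]:
            return False
    if r["port"]:
        op, val = r["port"]
        d = p["dport"]
        if not {"eq": d == val, "gt": d > val, "lt": d < val}[op]:
            return False
    return (not r["est"]) or bool(p.get("ack_or_rst"))  # assumed ACK/RST test

FILTER = [parse(l) for l in RULES.splitlines()]

def evaluate(pkt, rules=FILTER):
    for r in rules:  # assumed: first matching rule decides
        if matches(r, pkt):
            return r["action"], r["n"]
    return "deny", None  # assumed: implicit deny when nothing matches
```

Under these assumptions, a new POP3 connection to 195.64.68.0/26 falls through to the implicit deny because only rule 9 (195.64.65.0/26) lists port 110, while any TCP packet with ACK or RST set is permitted by rule 10 whatever its destination.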