[Cialug] Procmail / Sendmail config pbm

albus albus at iowaconnect.com
Tue Apr 5 15:30:15 CDT 2011


If all you want is ssh allowed from the one IP you could try this.

 

-A RH-Firewall-1-INPUT -i eth0 -p tcp -s 67.41.107.185 --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -p tcp -s 0/0 --dport 22 -j DROP

 

Second line to force any and all traffic to DROP.

Do you have more than one NIC in this machine? If you have just one you
could probably use

 

-A RH-Firewall-1-INPUT -p tcp -s 67.41.107.185 --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -s 0/0 --dport 22 -j DROP

 

 

  _____  

From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf
Of Tim Perdue
Sent: Tuesday, April 05, 2011 3:07 PM
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] Procmail / Sendmail config pbm

 

On 4/5/2011 2:04 PM, Josh More wrote:
> Try troubleshooting by commenting out all lines after "-A
> RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" and
> seeing if it will run the setup without issue.  (Note that this may kill
> your SSH.)
>
> Alternatively, move this file to a backup and use
> system-config-securitylevel to create a new file from scratch.  If that
> works, your system is fine with regards to iptables and you just have to get
> the rules right.  Add them in one at a time and see which one causes the
> problem.
>
> Were it me, I would do the latter, as there are a lot of lines that are
> commented out that may either need that or are commented out for
> troubleshooting, so it is difficult to identify what it's supposed to be
> doing.

Yeah, it does accept that if you comment out the one rule. Strange thing
is, this file is copied from the original mailserver, running the same OS.

If you re-enable the one line below it gets this error:

Applying iptables firewall rules: iptables-restore: line 14 failed
                                                            [FAILED]


> # Firewall configuration written by system-config-securitylevel
> # Manual customization of this file is not recommended.
> *filter
> :INPUT   ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> #home
> -A RH-Firewall-1-INPUT -i eth0 -p tcp --dport 22 -m iprange --src-range
> 67.41.107.185-67.41.107.185 -j ACCEPT
> COMMIT
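
The "add them in one at a time" procedure suggested in the thread, as an added example that is not part of the original messages: it replays a saved rules file one `-A` line at a time and reports the first rule the checker rejects. The names `first_failing_rule` and `RULE_CHECK` are hypothetical; the default checker, `iptables-restore --test`, parses a ruleset without committing it and needs root.

```shell
#!/bin/sh
# Added example: replay a saved ruleset one "-A" rule at a time and report the
# first rule that the checker rejects.
# Assumptions: the file holds a single table (as in the thread), and RULE_CHECK
# is a command that reads a ruleset on stdin and exits non-zero on rejection.
# The default parses without committing and needs root.
RULE_CHECK=${RULE_CHECK:-"iptables-restore --test"}

# first_failing_rule FILE
# Prints "LINENO: RULE" and returns 1 for the first rule whose addition makes
# the check fail; prints nothing and returns 0 when every rule is accepted.
first_failing_rule() {
    file=$1
    header=$(mktemp) || return 2
    rules=$(mktemp) || return 2
    # Every candidate needs the table line and the chain declarations.
    grep -E '^[*:]' "$file" > "$header" || true
    lineno=0
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            -A*) printf '%s\n' "$line" >> "$rules" ;;
            *) continue ;;   # comments, header lines and COMMIT are not rules
        esac
        if ! { cat "$header" "$rules"; echo COMMIT; } | $RULE_CHECK >/dev/null 2>&1
        then
            printf '%s: %s\n' "$lineno" "$line"
            status=1
            break
        fi
    done < "$file"
    rm -f "$header" "$rules"
    return "$status"
}

# Stand-alone use: pass the saved rules file as the first argument.
if [ "$#" -gt 0 ]; then
    first_failing_rule "$1"
fi
```

Because nothing is committed, the running firewall and any open SSH session are left untouched while the file is checked.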
