Problem s viry na SMTP
Petr Vyhnal
konfera na simerion.net
Sobota Únor 26 18:22:33 CET 2005
Pokud to dobre chapu, tak timto ale zakazete pristup na veskere vnejsi
SMTP a uzivatele dostanou timeout chybu. Mozna ze lepsi zpusob bude
pouzit REDIRECT, ktery prevezme paket posilany na externi SMTP a doruci
jej lokalnimu SMTP. Viz.:
REDIRECT
This target is only valid in the *nat* table, in the *PREROUTING* and
*OUTPUT* chains, and user-defined chains which are only called from
those chains. It alters the destination IP address to send the packet to
the machine itself (locally-generated packets are mapped to the
127.0.0.1 address). It takes one option:
*--to-ports* /port/[-/port/]
This specifies a destination port or range of ports to use: without
this, the destination port is never altered. This is only valid if
the rule also specifies *-p tcp* or *-p udp*.
> /sbin/iptables -t nat -A PREROUTING -p tcp --dport 25 -j DROP
>
>
>
Další informace o konferenci Linux