Iptables rule needs more focus.


pcghost
11-27-2002, 01:23 PM
I have my Iptables firewall locked down tight. I am now trying to write a rule to explicitly allow incoming connections to port 25. Here is the rule so far:

iptables -A INPUT -i eth0 --proto tcp --dport 25 -j ACCEPT

My question is, is there a way to specify that the incoming connection must be coming in on ETH0 port 25? I don't want any random connections other than those from 25. Thanks

curtis119
11-27-2002, 02:53 PM
Just read your cry for help in /dev/random; here is what I do and it works for me.

Change your rule to deny all ports EXCEPT the one you want, like this:

iptables -A INPUT -i eth0 -p tcp --syn ! --destination-port 25 -j DROP

This rule will drop all packets EXCEPT for those received on port 25. This is for TCP packets; you'll have to make separate rules for UDP and ICMP.

Here is a Newbie Help File which will explain it in more depth.

http://www.linuxnewbie.org/nhf/Security/IPtables_Basics.html

hope this helps. :)

pcghost
11-27-2002, 03:11 PM
Thanks for taking the time to help a newb. One more question, if I want to do the same for port 1352 can I just append it like this

-A INPUT -i eth0 -p tcp --syn ! --destination-port 25:1352 -j DROP

Thanks again..

pcghost
11-27-2002, 03:29 PM
I ran lokkit to reset my firewall to high, then I added the line above. A port scan now tells me that ports 23 and 111 (telnet and ssh) are open but not 25 or 1352? Why would that line open telnet and ssh? This makes no sense. I have read the NHF for iptables 6 times. I'm starting to miss ipchains again. DOH!
Please someone enlighten me here. The only ports I want to accept incoming connections on are 25 and 1352 and once they are open I want to forward them to our mail servers internal ip. It seems so simple, yet I have been trying to make this work for weeks. (end o rant)

Can someone tell me what is necessary to do the above mentioned port opening and forwarding? Please

Thanks again for your patience and all your help..

Vlad902
11-27-2002, 03:48 PM
I thought SSH was 22... Anyways I think doing 25:1382 will do all ports between 25 and 1382. Try doing a comma. Also did it say open or stealthed?

pcghost
11-27-2002, 05:19 PM
I use superscan for the port scanning. It showed telnet, ssh, and some port called sun microsomething all wide open. I can't figure out why this is so tough.

Vlad902
11-27-2002, 08:13 PM
Originally posted by pcghost
I use superscan for the port scanning. It showed telnet, ssh, and some port called sun microsomething all wide open. I can't figure out why this is so tough.

sun rpc?