[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Last revisionBoth sides next revision
howtos:network_services:postfix_dovecot_mysql:email_firewall [2015/03/08 09:30 (UTC)] – Errata, updates astrogeekhowtos:network_services:postfix_dovecot_mysql:email_firewall [2018/02/06 00:58 (UTC)] – Removed UFW syntax added by others - added policy lines astrogeek
Line 9: Line 9:
 <note important>Loading //only// the rules below as your firewall will close other access that may be important to you such as http and ssh! <note important>Loading //only// the rules below as your firewall will close other access that may be important to you such as http and ssh!
 You should first use iptables -L to check for pre-existing rules and merge those below into your existing firewall. You should first use iptables -L to check for pre-existing rules and merge those below into your existing firewall.
-If you have no existing firewall and need to allow http and ssh, uncomment the liines for those also included here.</note>+If you have no existing firewall and need to allow http and ssh, uncomment the lines for those also included here.</note>
  
 Following is a minimal set of iptables rules to provide a firewall for your email server. Following is a minimal set of iptables rules to provide a firewall for your email server.
  
 <code> <code>
 +--policy INPUT DROP
 +--policy FORWARD DROP
 +--policy OUTPUT DROP
 +
 -A INPUT -m state --state INVALID -j DROP -A INPUT -m state --state INVALID -j DROP
 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Line 54: Line 58:
 Ports 993 and 995 provide secure Imap and Pop3, respectively. These must be open in order for your virtual users to be able to send and receive email. Ports 993 and 995 provide secure Imap and Pop3, respectively. These must be open in order for your virtual users to be able to send and receive email.
  
-To install these rules as your firewall save them to a text file then load that file using iptables-restore. This will replace any currently existing iptables rules with those in the file.+To install these rules as your firewall save them to a text file using <code>iptables-save >/etc/firewall.rules</code> then load that file using iptables-restore as shown below. This will replace any currently existing iptables rules with those in the file.
  
 There are many preferences for saving and loading firewall scripts. I generally use /etc/firewall.rules for my own systems and will use that for this example. There are many preferences for saving and loading firewall scripts. I generally use /etc/firewall.rules for my own systems and will use that for this example.
 howtos:network_services:postfix_dovecot_mysql:email_firewall ()