Source

iredmail / iRedMail / samples / iptables.rules

Full commit
Zhang Huangbin 7c26194 

































Zhang Huangbin 232569d 


Zhang Huangbin 4cdebd3 

















Zhang Huangbin 7c26194 




Zhang Huangbin 0c97404 


Zhang Huangbin 7c26194 

Zhang Huangbin 0c97404 

Zhang Huangbin 7c26194 

Zhang Huangbin 0c97404 

Zhang Huangbin 7c26194 
#---------------------------------------------------------------------
# This file is part of iRedMail, which is an open source mail server
# solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu.
#
# iRedMail is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# iRedMail is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with iRedMail.  If not, see <http://www.gnu.org/licenses/>.
#---------------------------------------------------------------------

#
# Sample iptables rules. It should be localted at:
#   /etc/sysconfig/iptables
#
# Shipped within iRedMail project:
#   * http://iRedMail.googlecode.com/
#

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Keep state.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Loop device.
-A INPUT -i lo -j ACCEPT

# http, https
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# smtp, submission
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT

# pop3, pop3s
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT

# imap, imaps
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

# ssh
-A INPUT -p tcp --dport 22 -j ACCEPT

# Allow PING from remote hosts.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# ejabberd
#-A INPUT -p tcp --dport 5222 -j ACCEPT
#-A INPUT -p tcp --dport 5223 -j ACCEPT
#-A INPUT -p tcp --dport 5280 -j ACCEPT

# ldap/ldaps
#-A INPUT -p tcp --dport 389 -j ACCEPT
#-A INPUT -p tcp --dport 636 -j ACCEPT

# ftp.
#-A INPUT -p tcp --dport 20 -j ACCEPT
#-A INPUT -p tcp --dport 21 -j ACCEPT

COMMIT