I want to know how to block an IP from using the SMTP service on a server with the CentOS 7 firewall. I tried something like the following:
firewall-cmd --permanent --zone="public" --add-rich-rule='rule family=ipv4 source address=[ipadress] --remove-service=smtp'
but the syntax is not correct.
Or should I block TCP ports 25, 465 and 587?
Also, it would be great if someone could tell me how to automatically get the IPs from a file (if possible).
Answer 1
The correct syntax, as described in the firewalld.richlanguage(5) man page, is:
# firewall-cmd --zone="FedoraWorkstation" \
--add-rich-rule='rule family=ipv4 source address=1.2.3.4 service name=smtp reject'
success
# iptables-save | grep 1.2.3.4
-A IN_FedoraWorkstation_deny -s 1.2.3.4/32 -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable
Note that this applies to incoming traffic on port 25/tcp, as described in the service file /usr/lib/firewalld/services/smtp.xml:
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Mail (SMTP)</short>
<description>This option allows incoming SMTP mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.</description>
<port protocol="tcp" port="25"/>
</service>
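The question also asks how to take the addresses from a file. The script below builds the same rich rule for every IPv4 address (or CIDR range) listed in a file, one per line, and skips malformed entries; it is an added example, not part of the original answer, and the zone name, the file layout and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: reject SMTP (firewalld service "smtp") from every address in a file.
# Assumptions: zone name "public" and the file format (one address per line,
# '#' starts a comment) are placeholders chosen for this demonstration.

ZONE="${ZONE:-public}"

# Print the firewalld rich rule that rejects SMTP from one source address.
smtp_reject_rule() {
    printf 'rule family=ipv4 source address=%s service name=smtp reject\n' "$1"
}

# Loose sanity check: dotted-quad IPv4, optionally with a /prefix length.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Read a file, drop comments and blank lines, print one rule per valid address.
# Invalid entries are reported on stderr so a typo never becomes a silent no-op.
rules_from_file() {
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%%#*}"
        line="$(printf '%s' "$line" | tr -d '[:space:]')"
        [ -z "$line" ] && continue
        if is_ipv4 "$line"; then
            smtp_reject_rule "$line"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2
        fi
    done < "$1"
}

# Add every rule to the permanent config, then reload so runtime matches it.
apply_from_file() {
    rules_from_file "$1" | while IFS= read -r rule; do
        firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$rule"
    done
    firewall-cmd --reload
}

# Constructed sample input (not a real block list).
SAMPLE_FILE="$(mktemp)"
trap 'rm -f "$SAMPLE_FILE"' EXIT
cat > "$SAMPLE_FILE" <<'EOF'
# blocked senders (constructed sample)
1.2.3.4
203.0.113.0/24
not-an-ip
EOF
# On a real host run: apply_from_file "$SAMPLE_FILE"
```

Run `rules_from_file FILE` first to review the generated rules; `firewall-cmd --list-rich-rules --zone=public` afterwards shows what was applied.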