Iptables rule to block access to our IMAP server
When migrating to Zimbra, I don’t want people to fiddle with their mail when I’m doing it, so I disable IMAP access from anything but the virtual machine instance in which Zimbra is running. I do that...
View ArticleConvenient iptables rules
Here are some convenient iptables rules. This first list is for not allowing anything in, accept packets that come back from outgoing connections, complicated related traffic like FTP, everything from...
View ArticleSaving and loading iptables rules on Debian
For some reason, Debian can’t do “/etc/init.d/iptables save”. So, we have to fix something ourselves. I used this article as source, which also has some useful comments. Apparently, the iptables...
View ArticleMaking a port forwarded machine available from within the LAN
When you forward a port to an internal machine on the network, you still can’t access that host using your WAN-IP from within the LAN. This article explains it well. In short, it’s because the reply...
View ArticleMaking a service available on more ports with iptables
If you need services to be availble on multiple ports, you can use: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1000 -j REDIRECT --to-port 25 --match comment --comment "Explain." This makes...
View ArticleIptables: limiting amount of connections per IP
Short version of this. To allow SSH TCP connections, but only 10 new per 60 seconds: iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent...
View Article
