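# Firewall configuration for a dedicated mail server.
# Author: Max Kellermann <max@duempel.org>
#
# NOTE(review): this listing reached the page with its line-number gutter
# fused into the text and with several lines missing (the numbering jumps
# 10 -> 17, 20 -> 24 and 35 -> 38). The table/chain wrappers, the INPUT
# policy and the loopback rule below are reconstructed from the surviving
# comments and are marked as such. Compare them with the original file
# before loading this ruleset.
#
# Scope: ferm's default domain is "ip" (IPv4). Nothing here filters IPv6;
# a host that is reachable over IPv6 needs an equivalent "domain ip6"
# ruleset.

# Management network that is allowed to reach SSH.
@def $NET_TRUSTED = 195.135.144.144/28;

table filter {                          # NOTE(review): reconstructed
    chain INPUT {                       # NOTE(review): reconstructed
        # Default-deny: anything not accepted below is discarded.
        # NOTE(review): reconstructed; implied by the closing comment
        # "the rest is dropped by the above policy".
        policy DROP;

        # Connection tracking. INVALID is dropped before anything can be
        # accepted; replies and related traffic (including ICMP errors for
        # tracked connections) are accepted here, so the rules further down
        # only decide on new connections.
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;

        # allow local connections
        # NOTE(review): the rule under this comment is missing from the
        # listing; a loopback accept is the presumed original - confirm.
        interface lo ACCEPT;

        # Answer ping. Only echo-request is accepted explicitly.
        proto icmp icmp-type echo-request ACCEPT;

        # remote administration from the company network
        # SSH is reachable from $NET_TRUSTED only; every other source falls
        # through to the chain policy.
        saddr $NET_TRUSTED proto tcp dport ssh ACCEPT;

        # our services to the world
        # Service names are resolved through the local services database;
        # verify that each name resolves on the target host and that a
        # daemon is meant to listen on every port opened here.
        proto tcp dport (smtp ssmtp qmtp pop3 pop3s imap2 imap3 imaps) ACCEPT;

        # some SMTP servers use ident
        # REJECT rather than DROP, so a remote server that probes ident gets
        # an immediate refusal instead of waiting for a timeout.
        proto tcp dport auth REJECT;

        # the rest is dropped by the above policy
    }

    # outgoing connections are not limited
    # Caveat: with no egress filtering, a compromised service on this host
    # can open arbitrary outbound connections. Restrict OUTPUT if the mail
    # flows are known well enough to enumerate.
    chain OUTPUT policy ACCEPT;

    # this is not a router
    chain FORWARD policy DROP;
}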