
I would like to know how to block an IP from using the smtp service on a server with the CentOS 7 firewall. I tried something like this:
firewall-cmd --permanent --zone="public" --add-rich-rule='rule family=ipv4 source address=[ipadress] --remove-service=smtp'
but this is not the correct syntax.
Or should I block TCP ports 25, 465 and 587 instead?
Also, if someone could show me how to automate this, reading the IPs from a file (if possible), that would be great.
Answer 1
As described in the man page firewalld.richlanguage(5), the correct syntax is:
# firewall-cmd --zone="FedoraWorkstation" \
--add-rich-rule='rule family=ipv4 source address=1.2.3.4 service name=smtp reject'
success
# iptables-save | grep 1.2.3.4
-A IN_FedoraWorkstation_deny -s 1.2.3.4/32 -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable
Note that this applies to incoming traffic on port 25/tcp, as described in the service file /usr/lib/firewalld/services/smtp.xml:
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Mail (SMTP)</short>
<description>This option allows incoming SMTP mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.</description>
<port protocol="tcp" port="25"/>
</service>
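The automation the question asks about (rejecting SMTP from every address listed in a file), as an added example that is not part of the original question or answer. It uses the rich-rule form from the answer and assumes the `public` zone, the `smtp` service name, an input file with one IPv4 address or CIDR per line (blank lines and `#` comments ignored), and a constructed sample file:

```sh
#!/bin/sh
# Added example (not from the original post). Builds one firewalld rich rule
# per address in a file and, optionally, applies them with firewall-cmd.
# Assumptions: zone "public", service "smtp", IPv4 addresses only.

ZONE="${ZONE:-public}"
SERVICE="${SERVICE:-smtp}"

# Print the rich rule for one source address. The address must look like a
# dotted quad with an optional /prefix, so junk from the file never reaches
# firewall-cmd; returns 1 for anything else.
smtp_reject_rule() {
  addr="$1"
  printf '%s\n' "$addr" \
    | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
  printf '%s' "rule family=ipv4 source address=$addr service name=$SERVICE reject"
}

# Read a file and print one rich rule per valid line; comments and blank
# lines are skipped, invalid lines are reported on stderr and skipped.
rules_from_file() {
  file="$1"
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line%%#*}"                               # strip trailing comment
    line="$(printf '%s' "$line" | tr -d '[:space:]')"  # strip whitespace
    [ -z "$line" ] && continue
    if rule="$(smtp_reject_rule "$line")"; then
      printf '%s\n' "$rule"
    else
      printf 'skipping invalid address: %s\n' "$line" >&2
    fi
  done < "$file"
}

# Add every rule permanently to the zone and reload (needs root and
# firewall-cmd on the host; not run by the checks below).
apply_rules_from_file() {
  rules_from_file "$1" | while IFS= read -r rule; do
    firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$rule"
  done
  firewall-cmd --reload
}
```

Run `apply_rules_from_file /path/to/blocked-smtp.txt` as root; `rules_from_file` alone lets you review the generated rules first.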