Iptables
阻止 smtp 服務到 IP centos 7 防火牆
我想知道如何阻止 IP 以在具有 centos 7 防火牆的伺服器上使用 smtp 服務。我嘗試使用這樣的東西:
firewall-cmd --permanent --zone="public" --add-rich-rule='rule family=ipv4 source address=[ipadress] --remove-service=smtp'
但不是正確的語法
還是我應該阻止 TCP 埠 25、465 和 587?
另外,如果有人能告訴我如何自動從文件中獲取 de ip(如果可能的話)會很棒
如手冊頁中所述,正確的語法
firewalld.richlanguage(5)
是:# firewall-cmd --zone="FedoraWorkstation" \ --add-rich-rule='rule family=ipv4 source address=1.2.3.4 service name=smtp reject' success # iptables-save | grep 1.2.3.4 -A IN_FedoraWorkstation_deny -s 1.2.3.4/32 -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable
請注意,這適用於到埠 25/tcp 的傳入流量,如服務文件中所述
/usr/lib/firewalld/services/smtp.xml
:<?xml version="1.0" encoding="utf-8"?> <service> <short>Mail (SMTP)</short> <description>This option allows incoming SMTP mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.</description> <port protocol="tcp" port="25"/> </service>