Right now there is a firewall in place for a mail server as follows:

    ## mail.foo.com ##
    MAIL_EXT_IP="x.x.x.x"
    MAIL_INT_IP="y.y.y.y"
    $IPTABLES -A FORWARD -i $OUTSIDE -d $MAIL_EXT_IP -j ACCEPT
    ## Mail traffic will be forwarded to the mail server ##
    $IPTABLES -t nat -A PREROUTING -p tcp -i $OUTSIDE -d $MAIL_EXT_IP --dport 22 -j DNAT --to-destination $MAIL_INT_IP
    $IPTABLES -t nat -A PREROUTING -p tcp -i $OUTSIDE -d $MAIL_EXT_IP --dport 25 -j DNAT --to-destination $MAIL_INT_IP
    #$IPTABLES -t nat -A PREROUTING -p tcp -i $OUTSIDE -d $MAIL_EXT_IP --dport 80 -j DNAT --to-destination $MAIL_INT_IP
    $IPTABLES -t nat -A PREROUTING -p tcp -i $OUTSIDE -d $MAIL_EXT_IP --dport 110 -j DNAT --to-destination $MAIL_INT_IP
    $IPTABLES -t nat -A PREROUTING -p tcp -i $OUTSIDE -d $MAIL_EXT_IP --dport 993 -j DNAT --to-destination $MAIL_INT_IP
    $IPTABLES -t nat -A PREROUTING -p tcp -i $OUTSIDE -d $MAIL_EXT_IP --dport 995 -j DNAT --to-destination $MAIL_INT_IP
    $IPTABLES -t nat -A PREROUTING -p all -i $OUTSIDE -d $MAIL_EXT_IP -j DROP

Would it be possible to modify this so that port 25 is only open for 2 incoming IP addresses rather than forwarding all port 25 traffic?

Thanks,
Frank
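
One way to do what the post asks, shown as an added example that is not part of the original post: the port 25 DNAT rule is emitted once per permitted source with `-s`, so SMTP from anyone else matches no DNAT rule and reaches the script's existing catch-all DROP. The interface name, all addresses, `SMTP_ALLOWED`, `OPEN_PORTS` and the function names are assumptions made for this sketch; it prints the rules by default instead of applying them.

```shell
#!/bin/sh
# Added example. Dry run by default: prints the rules. Set IPTABLES=/sbin/iptables to apply.
IPTABLES="${IPTABLES:-echo iptables}"
OUTSIDE="${OUTSIDE:-eth0}"                   # assumed interface name
MAIL_EXT_IP="${MAIL_EXT_IP:-203.0.113.10}"   # constructed placeholder for x.x.x.x
MAIL_INT_IP="${MAIL_INT_IP:-192.168.1.10}"   # constructed placeholder for y.y.y.y
SMTP_ALLOWED="${SMTP_ALLOWED:-198.51.100.5 198.51.100.6}"  # constructed: the two permitted senders
OPEN_PORTS="22 110 993 995"                  # still forwarded from any source (80 stays disabled)

# Accept only dotted-quad literals so a hostname or typo never ends up in -s.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# dnat <port> [source-ip]: with a source, only that address is forwarded.
dnat() {
    $IPTABLES -t nat -A PREROUTING -p tcp -i "$OUTSIDE" ${2:+-s "$2"} \
        -d "$MAIL_EXT_IP" --dport "$1" -j DNAT --to-destination "$MAIL_INT_IP"
}

mail_nat_rules() {
    # Validate everything first so a bad entry aborts before any rule is added.
    for src in $SMTP_ALLOWED; do
        valid_ipv4 "$src" || { echo "invalid SMTP source: $src" >&2; return 1; }
    done
    for port in $OPEN_PORTS; do dnat "$port"; done
    for src in $SMTP_ALLOWED; do dnat 25 "$src"; done
    # Port 25 from any other source matches no DNAT rule and falls through to
    # the catch-all the original script already ends with.
    $IPTABLES -t nat -A PREROUTING -p all -i "$OUTSIDE" -d "$MAIL_EXT_IP" -j DROP
}

mail_nat_rules
```

An empty `SMTP_ALLOWED` produces no port 25 rule at all, so the list fails closed.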