On Thu, Aug 21, 2003 at 11:18:33AM -0500, Raymond Norton wrote:
> I have a firewall that uses ipchains with a gateway mail server behind it
> that scans messages for viruses for a few networks. Somehow the box has
> picked up some sort of trojan or virus that I have not found yet, and is
> spewing mail. For the immediate I need a rule that stops all destination
> port 25 traffic except for the allowed domains.
> [snip]
> ipchains -I input -j REJECT -p tcp -s 10.11.11.0/0 -d reject_everything_else/0 25
>

When you say "reject_everything_else/0", you mean you're using CIDR
like 1.2.3.4/0? The "/x" is the mask indicating the network size,
e.g. a netmask of 24 is a netmask of 255.255.255.0. When you say
a.b.c.d/0, you're really saying 0.0.0.0/0, i.e. the whole internet.
Probably not what you want.

http://www.geocities.com/SiliconValley/Vista/8672/network/cidr.html
http://infocenter.guardiandigital.com/manuals/IDDS/node9.html

-- 
trammell at el-swifto.com 9EC7 BC6D E688 A184 9F58 FD4C 2C12 CC14 8ABA 36F5
Twin Cities Linux Users Group (TCLUG)
Minneapolis/St. Paul, Minnesota
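Added example, not part of the original message: a small Python check that reports which network each `-s` / `-d` argument of an ipchains-style rule selects once its mask is applied, run over the rule quoted above. The function names and the second rule (its /24 masks and the 192.0.2.25 address) are constructed for illustration.

```python
import ipaddress
import shlex

def effective_network(spec):
    """Network an addr[/mask] argument selects once the mask is applied."""
    # strict=False clears the host bits instead of raising, which mirrors
    # how a packet filter ANDs the address with the mask before comparing.
    return ipaddress.ip_network(spec, strict=False)

def lint_rule(rule):
    """Return (flag, spec, effective network, note) for each -s / -d."""
    findings = []
    tokens = shlex.split(rule)
    for i, tok in enumerate(tokens):
        if tok not in ("-s", "-d") or i + 1 >= len(tokens):
            continue
        spec = tokens[i + 1]
        addr, _, mask = spec.partition("/")
        try:
            net = effective_network(spec)
        except ValueError:
            # Not a literal address (hostname or placeholder). A zero mask
            # still selects everything, whatever the name resolves to.
            any_mask = mask in ("0", "0.0.0.0")
            findings.append((tok, spec, "0.0.0.0/0" if any_mask else None,
                             "matches every address" if any_mask
                             else "not a literal address"))
            continue
        if net.prefixlen == 0:
            note = "matches every address"
        elif ipaddress.ip_address(addr) != net.network_address:
            note = "host bits ignored"
        else:
            note = "ok"
        findings.append((tok, spec, str(net), note))
    return findings

# The rule quoted in the message above, and a constructed rule for contrast
# (the /24 masks and 192.0.2.25 are assumptions, not the poster's network).
PAGE_RULE = ("ipchains -I input -j REJECT -p tcp "
             "-s 10.11.11.0/0 -d reject_everything_else/0 25")
CONSTRUCTED_RULE = ("ipchains -I input -j REJECT -p tcp "
                    "-s 10.11.11.0/24 -d 192.0.2.25/24 25")

if __name__ == "__main__":
    for rule in (PAGE_RULE, CONSTRUCTED_RULE):
        for finding in lint_rule(rule):
            print(finding)
```

Run against the quoted rule, both the source and the destination come back as 0.0.0.0/0, so the REJECT applies to port 25 traffic from any address to any address.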