akarpas
Member Candidate
Topic Author
Posts: 103
Joined: Tue Mar 20, 2018 4:46 pm

Proper firewall rule to block outgoing port 25.

Sat Jun 27, 2020 7:01 pm

A mail server is installed on the network; I need to block outgoing port 25 but allow it for the mail server.
Are these two rules enough to make sure nobody else except the mail server can do port 25 out?
add action=drop chain=forward comment=\
"Drop Non Mail Srv SMTP Out 25" dst-port=25 out-interface=ether2 \
protocol=udp src-address=!10.10.10.10
add action=drop chain=forward comment=\
"Drop Non Mail Srv SMTP Out 25" dst-port=25 out-interface=ether2 \
protocol=tcp src-address=!10.10.10.10
 
sindy
Forum Guru
Posts: 5343
Joined: Mon Dec 04, 2017 9:19 pm

Re: Proper firewall rule to block outgoing port 25.

Sat Jun 27, 2020 7:06 pm

If placed to a correct position in the chain, and if ether2 is your WAN interface, then yes. And the protocol=tcp one should be sufficient, I don't think any SMTP server listens at UDP.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
akarpas
Member Candidate
Topic Author
Posts: 103
Joined: Tue Mar 20, 2018 4:46 pm

Re: Proper firewall rule to block outgoing port 25.

Sat Jun 27, 2020 7:12 pm

> If placed to a correct position in the chain, and if ether2 is your WAN interface, then yes. And the protocol=tcp one should be sufficient, I don't think any SMTP server listens at UDP.
By saying "correct position", what should it be? If, let's say, the default firewall configuration is used?
 
sindy
Forum Guru
Posts: 5343
Joined: Mon Dec 04, 2017 9:19 pm

Re: Proper firewall rule to block outgoing port 25.

Sat Jun 27, 2020 7:17 pm

In the default firewall configuration, adding it to the end of the forward chain will do.
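The point about rule position in the answers above, as an added example that is not part of the thread: a small first-match model of a forward chain, showing the drop rule working at the end of the chain and being bypassed when a broader accept rule sits in front of it. The state rules, the broad accept rule and the client address 10.10.10.20 are constructed assumptions; only 10.10.10.10, ether2 and the rule comment come from the posts.

```python
MAIL_SERVER = "10.10.10.10"  # from the thread
WAN = "ether2"               # WAN interface named in the thread

def smtp_drop(p):
    # The protocol=tcp rule from the first post.
    return (p["proto"] == "tcp" and p["dst_port"] == 25
            and p["out_if"] == WAN and p["src"] != MAIL_SERVER)

SMTP_RULE = ("Drop Non Mail Srv SMTP Out 25", "drop", smtp_drop)

# Constructed, simplified stand-in for the state rules of a default-style
# forward chain (an assumption, not an export from the poster's router).
BASE_CHAIN = [
    ("accept established,related", "accept",
     lambda p: p["state"] in ("established", "related")),
    ("drop invalid", "drop", lambda p: p["state"] == "invalid"),
]
# Hypothetical broad rule, used to show what a wrong position looks like.
ALLOW_OUT = ("accept new to WAN (hypothetical)", "accept",
             lambda p: p["state"] == "new" and p["out_if"] == WAN)

GOOD = BASE_CHAIN + [SMTP_RULE]             # drop rule at the end
BAD = BASE_CHAIN + [ALLOW_OUT, SMTP_RULE]   # drop rule after a broad accept

def evaluate(chain, packet):
    """First matching rule decides; no match falls through to accept."""
    for name, action, match in chain:
        if match(packet):
            return action, name
    return "accept", "(no rule matched)"

def syn(src, dst_port=25):
    """A new outbound TCP connection leaving through the WAN interface."""
    return {"src": src, "proto": "tcp", "dst_port": dst_port,
            "out_if": WAN, "state": "new"}

def verdicts(chain):
    # 10.10.10.20 is a constructed client address on the same LAN.
    return {
        "client_smtp": evaluate(chain, syn("10.10.10.20"))[0],
        "server_smtp": evaluate(chain, syn(MAIL_SERVER))[0],
        "client_submission": evaluate(chain, syn("10.10.10.20", 587))[0],
    }

if __name__ == "__main__":
    for label, chain in (("rule at end", GOOD), ("after broad accept", BAD)):
        print(label, verdicts(chain))
```

Packets of connections that are already established match the first rule in this model, so the drop rule only decides new connections.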
 
akarpas
Member Candidate
Topic Author
Posts: 103
Joined: Tue Mar 20, 2018 4:46 pm

Re: Proper firewall rule to block outgoing port 25.

Sat Jun 27, 2020 7:19 pm

> In the default firewall configuration, adding it to the end of the forward chain will do.
Thank you kindly!!!
