Mail filter: block port 25 from LAN to external network
If nethserver-firewall is installed, block port 25 for all LAN clients (green zone) to the external network (red zone).
Port 25 is reserved for communication between servers. If a client sends on port 25, it's probably affected by a virus for spam generation.
The restriction can be overridden by creating a new rule inside the firewall.
#4 Updated by Giacomo Sanchietti about 5 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
- % Done changed from 60 to 70
- Configure a machine with green+red and install the package
- Connections from green to port 25 must be blocked
- Connections from blue to port 25 must be blocked
Note: before release, update the inline help, developer manual and admin manual.
#5 Updated by Filippo Carletti about 5 years ago
- Status changed from ON_QA to TRIAGED
- % Done changed from 70 to 20
After I installed the update, the block rule did not block connections.
In /var/log/messages I found:
Oct 7 18:58:38 nsrv64a2 esmith::event: [ERROR] Shorewall restart: ERROR: Unknown source zone (blue) /etc/shorewall/rules (line 181)
I do not have a blue interface.
Moreover, I think that blocking a port in an update is dangerous.
We could add a checkbox somewhere to enable blocking. We could set the checkbox to disabled if updating a system and enabled if it's a new install.
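
The log line in comment #5 shows the Shorewall restart failing on a rule that names a zone the host does not define. As an added example (not NethServer code), the sketch below checks a rules file against the defined zones and emits the port 25 rule only for source zones that exist. The zone names `loc` (green) and `net` (red), the function names and the sample file contents are assumptions constructed for illustration.

```python
# Constructed sample inputs in Shorewall's column layout (not from a real host).
ZONES = """\
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
"""

RULES = """\
#ACTION  SOURCE  DEST  PROTO  DPORT
ACCEPT   loc     net   tcp    80,443
REJECT   loc     net   tcp    25
REJECT   blue    net   tcp    25
"""

BUILTIN = {"all", "any", "$FW"}  # names usable without a zones entry


def _rows(text):
    """Yield (line_number, columns) for non-blank, non-comment lines."""
    for number, line in enumerate(text.splitlines(), start=1):
        columns = line.split("#", 1)[0].split()
        if columns:
            yield number, columns


def defined_zones(zones_text):
    """Zone names from a zones file; 'child:parent' entries count as 'child'."""
    return {cols[0].split(":")[0] for _, cols in _rows(zones_text)}


def undefined_zone_refs(rules_text, zones):
    """Return (line, column, zone) for each rule naming an undefined zone.
    Simplified: handles plain 'zone' and 'zone:host' fields only."""
    problems = []
    for number, cols in _rows(rules_text):
        if cols[0].startswith("?") or len(cols) < 3:
            continue  # directives such as ?SECTION, or incomplete lines
        for label, field in (("source", cols[1]), ("dest", cols[2])):
            zone = field.split(":", 1)[0]
            if zone not in zones and zone not in BUILTIN:
                problems.append((number, label, zone))
    return problems


def smtp_block_rules(candidate_sources, zones, dest="net"):
    """Emit the port 25 REJECT only for source zones that actually exist."""
    return [f"REJECT\t{src}\t{dest}\ttcp\t25"
            for src in candidate_sources if src in zones and dest in zones]
```

Running `undefined_zone_refs` on the generated rules before the restart surfaces the missing `blue` zone as a pre-flight failure, instead of leaving the firewall without the intended block.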