Log packets trying to cross the interfaces iptables -A FORWARD -p tcp

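# Restrict forwarded SMTP (tcp/25) crossing this router's interfaces.
#
# Policy: only the designated MTA behind the NAT may open connections to
# remote port 25; every other forwarded packet to port 25 is logged and
# dropped. The MTA can talk to the world but cannot receive, because
# inbound connections to its port 25 also match the LOG/DROP pair below.
#
# Rule order matters: iptables walks a chain top to bottom and DROP ends
# the walk, while -A appends at the end. An ACCEPT appended after a DROP
# that matches the same traffic is never evaluated, so the exception comes
# first and the LOG/DROP pair is added exactly once.
#
# Scope notes for whoever deploys this:
#   - These rules cover IPv4 only; IPv6 forwarding needs matching
#     ip6tables rules.
#   - Only --dport 25 is matched. Reply packets for the MTA's outbound
#     sessions (source port 25) depend on the rest of the FORWARD chain
#     and its policy, which are not shown here.
#   - If other rules already exist in FORWARD, appended rules run after
#     them; check the result with `iptables -L FORWARD -n --line-numbers`.

# Fill in this field (IPv4 address of the MTA host inside the NAT).
# Leave it empty if there is no internal MTA.
IP_OF_MTA_HOST=

# Exception for the MTA. Skipped while the field is empty, so the script
# degrades to log-and-drop for every host instead of running a malformed
# iptables command. The expansion is quoted so the value stays one argument.
if [ -n "$IP_OF_MTA_HOST" ]; then
  iptables -A FORWARD -p tcp -s "$IP_OF_MTA_HOST" --dport 25 -j ACCEPT ||
    printf 'warning: could not add ACCEPT rule for %s\n' "$IP_OF_MTA_HOST" >&2
fi

# Log packets trying to cross the interfaces. LOG is non-terminating, so
# the packet continues to the DROP rule. The prefix makes these entries
# easy to find in the kernel log.
# NOTE(review): this logs every matching packet; on a busy or noisy network
# consider throttling with `-m limit --limit <rate>` to keep the log usable.
iptables -A FORWARD -p tcp --dport 25 -j LOG --log-prefix "fwd-smtp-drop: "

# Drop those packets.
iptables -A FORWARD -p tcp --dport 25 -j DROP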