Wednesday, May 23, 2012

Block Port 25 On SolusVM/Xen With IPtables

SolusVM (at the time of this writing) has no internal method for firewalling customers' containers. I often find it necessary to restrict ports on customer containers (normally port 25), and after trial and error came up with some IPtables rules that do this at the hardware node level. SolusVM passes guest traffic through the FORWARD chain in IPtables, so all you need to do is:
iptables -I FORWARD 1 -d $ip -p tcp -m tcp --dport 25 -j DROP
iptables -I FORWARD 1 -s $ip -p tcp -m tcp --dport 25 -j DROP
...where $ip is the IP address you are restricting port traffic on. The first rule drops inbound port 25 traffic to that host (guest as destination), the second drops outbound port 25 traffic from it (guest as source), so together they block all IN/OUT port 25 traffic for that particular host.
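The same two rules wrapped in a small script, as an added example that is not from the original post: it validates the address before it reaches the iptables command line, checks whether each rule already exists so repeated runs do not stack duplicates at the top of FORWARD, and removes every copy on unblock. The function names and the use of iptables -C are my assumptions; -C needs iptables 1.4.11 or newer, so on an older node replace the check with iptables -S FORWARD and grep.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root on the SolusVM/Xen
# hardware node. Usage: ./smtpblock.sh block 192.0.2.10 | unblock 192.0.2.10

PORT=25

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255, else 1.
# Rejects anything else so a bad value can never be spliced into the rule.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for oct in $(echo "$1" | tr '.' ' '); do
        [ "$oct" -le 255 ] || return 1
    done
    return 0
}

# Print the rule specification for direction $1 (in|out) and address $2.
# "in" matches the guest as destination, "out" matches it as source.
rule_spec() {
    case "$1" in
        in)  echo "-d $2 -p tcp -m tcp --dport $PORT -j DROP" ;;
        out) echo "-s $2 -p tcp -m tcp --dport $PORT -j DROP" ;;
        *)   return 1 ;;
    esac
}

# Insert both rules at position 1 of FORWARD, skipping any already present.
block_smtp() {
    valid_ipv4 "$1" || { echo "bad IP: $1" >&2; return 1; }
    for dir in in out; do
        iptables -C FORWARD $(rule_spec "$dir" "$1") 2>/dev/null \
            || iptables -I FORWARD 1 $(rule_spec "$dir" "$1")
    done
}

# Delete every copy of both rules; -D removes only one match per call.
unblock_smtp() {
    valid_ipv4 "$1" || { echo "bad IP: $1" >&2; return 1; }
    for dir in in out; do
        while iptables -C FORWARD $(rule_spec "$dir" "$1") 2>/dev/null; do
            iptables -D FORWARD $(rule_spec "$dir" "$1")
        done
    done
}

case "${1:-}" in
    block)   block_smtp "$2" ;;
    unblock) unblock_smtp "$2" ;;
esac
```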

2 comments:

  1. How do you remove these? I needed this as a temp fix but can't seem to figure out how to remove them.

  2. iptables -D FORWARD -d $ip -p tcp -m tcp --dport 25 -j DROP
    iptables -D FORWARD -s $ip -p tcp -m tcp --dport 25 -j DROP

    HTH =)
