FC6 Firewall, allow only specific hosts to connect to port 25


studerje
2006-11-28, 01:25 PM CST
We have a FC6 machine that only receives email through sendmail. We have the fc6 firewall enabled with smtp allowed through. This sendmail machine sends mail to our bridgehead mail server for virus/spam detection. We are moving to an external spam/virus filtering service.

We want to restrict incoming email to only be accepted from the 4 hosts that our new filtering service uses. I don't see a way to allow this either using system-config-securitylevel or system-config-securitylevel-tui.


How do I restrict inbound smtp access to 4 hosts only from the firewall?
This FC6 machine has 2 interfaces. eth0 is internal LAN, eth1 is external ISP connection.

Thanks in advance for any help provided,
-Jon

Chosen Reject
2006-11-28, 01:47 PM CST
I believe you would put the names of those hosts into /etc/hosts.allow and that will only allow those hosts to connect. You would then use hosts.deny to deny all other connections. Do man hosts.allow to learn more. You would have to put in wildcards in the hosts.deny file.

pinhead
2006-11-28, 03:02 PM CST
Firestarter makes this pretty easy. It is basically a GUI for creating iptables entries, the same as system-config-securitylevel does, but is more flexible. It replaces the rules set up by system-config-securitylevel, so you would need to re-enter anything you have already set up there.

Alternatively, you could manually edit /etc/sysconfig/iptables, but I think any changes would get lost next time you run system-config-securitylevel.
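The two approaches suggested in this thread, tcp_wrappers (hosts.allow/hosts.deny) and a hand-edited /etc/sysconfig/iptables, can both be generated and checked from one script. The following is an added example, not code from any poster; it builds a minimal FC6-style ruleset in which TCP/25 on eth1 is accepted only from four placeholder filtering hosts (192.0.2.x and 198.51.100.x are constructed documentation addresses, not real service hosts), emits the matching hosts.allow/hosts.deny lines (assuming sendmail is built with libwrap and registers under the daemon name "sendmail"), and includes a small rule-walk simulator so the intended verdict for a given source address can be checked before loading anything. Any other services already opened in system-config-securitylevel (ssh, etc.) would need their lines carried over, and, as noted above, re-running system-config-securitylevel rewrites the file.

```shell
#!/bin/sh
# Added example (not from the thread). Four placeholder filtering hosts;
# replace with the real addresses supplied by the filtering service.
FILTER_HOSTS="192.0.2.10 192.0.2.11 198.51.100.20 198.51.100.21"
EXT_IF="eth1"   # external ISP interface, per the original post

# Emit a ruleset in the iptables-restore layout FC6 keeps in
# /etc/sysconfig/iptables. Rules are matched top to bottom, so the four
# per-host ACCEPT lines must come before the port-25 REJECT.
smtp_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]'
    printf '%s\n' ':FORWARD ACCEPT [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' ':RH-Firewall-1-INPUT - [0:0]'
    printf '%s\n' '-A INPUT -j RH-Firewall-1-INPUT'
    printf '%s\n' '-A FORWARD -j RH-Firewall-1-INPUT'
    printf '%s\n' '-A RH-Firewall-1-INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # One ACCEPT per filtering host, restricted to new TCP/25 connections on eth1.
    for h in $FILTER_HOSTS; do
        printf '%s\n' "-A RH-Firewall-1-INPUT -i $EXT_IF -p tcp -s $h --dport 25 -m state --state NEW -j ACCEPT"
    done
    # Explicit port-25 REJECT so the intent is visible even though the
    # final catch-all would drop the traffic anyway.
    printf '%s\n' "-A RH-Firewall-1-INPUT -i $EXT_IF -p tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable"
    printf '%s\n' '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' 'COMMIT'
}

# Number of per-host SMTP ACCEPT rules in the generated set (expected: 4).
smtp_accept_count() {
    smtp_rules | grep -c -- '--dport 25 -m state --state NEW -j ACCEPT'
}

# Walk the generated rule order for a NEW TCP/25 connection arriving on
# EXT_IF from the given source: prints ACCEPT if the source is one of the
# filtering hosts, otherwise REJECT (the port-25 REJECT line is hit).
smtp_verdict() {
    src="$1"
    for h in $FILTER_HOSTS; do
        [ "$h" = "$src" ] && { echo ACCEPT; return 0; }
    done
    echo REJECT
}

# tcp_wrappers equivalent as defence in depth (assumes sendmail was built
# with libwrap and uses the daemon name "sendmail"): hosts.allow lists the
# four hosts, hosts.deny uses the ALL wildcard for everything else.
wrappers_allow() {
    printf 'sendmail: %s\n' "$FILTER_HOSTS"
}
wrappers_deny() {
    printf '%s\n' 'sendmail: ALL'
}

# Usage: review with "smtp_rules", then save to /etc/sysconfig/iptables and
# load with "service iptables restart" (or iptables-restore < file).
smtp_rules
```

Before loading the rules, `smtp_verdict 203.0.113.5` should print REJECT and `smtp_verdict 192.0.2.10` ACCEPT; if the LAN on eth0 must still be able to relay through this host, add a separate ACCEPT for `-i eth0 --dport 25` above the catch-all, since the example as written rejects SMTP from every other source.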