fehler bei E-Mailversand mit Anhang

Sven

fehler bei E-Mailversand mit Anhang

#1 Post by Sven »

Hi,
bei mir kommt folgende Fehlermeldung, wenn ich E-Mails mit Dateianhang von den Windows-Kisten senden
will: "SMTP incoming data timeout". Wenn ich E-Mails ohne Anhang sende, geht alles.
Ich habe ein Linux-Gateway mit SuSE 7.3.

bis dann
Sven

Stefan Bickel

RE: Titel: fehler bei E-Mailversand mit Anhang

#2 Post by Stefan Bickel »

Hallo, hast du das Problem schon gelöst? Ich habe das gleiche Problem ;-(

Mail ohne Anhang kann ich ohne Probleme verschicken, aber sobald ein Anhang dabei ist geht nichts mehr.

Ich habe die Firewall mit FWBuilder aufgebaut. Selbst mit dem Beispiel, das alle Pakete weiterleitet, kann ich keine Mails mit Anhang verschicken; wenn ich dagegen die SuSEfirewall2 benutze, kann ich Mails mit Anhang versenden.

Hier das von FWBuilder erstellte Skript:
----------------------------------------------
#!/bin/sh

# Search the system administration directories first, so that ip, iptables,
# lsmod and modprobe are found there before anything in the inherited PATH.
PATH=/usr/sbin:/sbin:$PATH
export PATH


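# log MESSAGE
# Print MESSAGE on stdout and, when the program named by $LOGGER can be
# found, also hand it to that program at priority "info".
log() {
  printf '%s\n' "$1"
  # The previous guard was `test -x "$LOGGER"`, which tests a path relative to
  # the current directory; with LOGGER="logger" it was false unless such a
  # file happened to exist there, so the message never reached the logger.
  # command -v resolves the name through PATH instead.
  if command -v "$LOGGER" >/dev/null 2>&1; then
    # "--" keeps a message that starts with "-" from being read as an option.
    "$LOGGER" -p info -- "$1"
  fi
}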

# Counter used for the ":FWBn" alias labels that add_addr hands out.
va_num=1

# add_addr ADDRESS PREFIX_LENGTH DEVICE
# Adds ADDRESS to DEVICE as a labelled alias unless `ip` already reports it
# on that device. A POINTOPOINT link gets the bare address; a BROADCAST link
# gets ADDRESS/PREFIX_LENGTH together with a broadcast address ("brd +").
# Uses the global $IP and leaves addr, nm, dev, type, aadd, L and OIFS set.
add_addr() {
  addr=$1
  nm=$2
  dev=$3

  type=""
  aadd=""

  L=$($IP -4 link ls $dev | grep "$dev:")
  if [ -n "$L" ]; then
    # Split the link line on " /:,<"; the word later compared against
    # POINTOPOINT / BROADCAST is taken from the fourth field.
    OIFS=$IFS
    IFS=" /:,<"
    set $L
    type=$4
    IFS=$OIFS

    L=$($IP -4 addr ls $dev to $addr | grep " inet ")
    if [ -n "$L" ]; then
      # Second field of the " inet " line, split on space and "/".
      OIFS=$IFS
      IFS=" /"
      set $L
      aadd=$2
      IFS=$OIFS
    fi
  fi

  # A non-empty aadd means the address was found on the device already.
  if [ -z "$aadd" ]; then
    case "$type" in
      POINTOPOINT)
        $IP -4 addr add $addr dev $dev scope global label $dev:FWB${va_num}
        va_num=$((va_num + 1))
        ;;
      BROADCAST)
        $IP -4 addr add $addr/$nm dev $dev brd + scope global label $dev:FWB${va_num}
        va_num=$((va_num + 1))
        ;;
    esac
  fi
}
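# getaddr DEVICE VARNAME
# Store the first IPv4 address that `ip` reports for DEVICE in the shell
# variable called VARNAME; the variable is set to the empty string when no
# "inet" line is reported.
# VARNAME is spliced into eval unchecked, so it must be a plain variable name
# chosen by the script itself. Uses the global $IP and leaves dev, name, L
# and OIFS set.
getaddr() {
  dev=$1
  name=$2
  L=$($IP -4 addr show dev "$dev" | grep inet)
  if [ -z "$L" ]; then
    eval "$name=''"
    return
  fi
  OIFS=$IFS
  IFS=" /"
  # "--" so that the command output is always taken as positional parameters.
  set -- $L
  # \$2 is expanded by eval itself, so the address text is assigned as data
  # and is never re-read as shell syntax (the earlier form pasted the text
  # into the eval string).
  eval "$name=\$2"
  IFS=$OIFS
}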


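# getinterfaces PREFIX
# Print, one per line, the name of every interface listed by `ip link show`
# whose name field matches PREFIX followed by any non-space characters.
# PREFIX is used inside an extended regular expression. Uses the global $IP.
getinterfaces() {
  NAME=$1
  # read -r keeps backslashes in the line literal.
  $IP link show | grep -E "$NAME[^ ]*: " | while read -r L; do
    OIFS=$IFS
    IFS=" :"
    set -- $L
    IFS=$OIFS
    # Quoted, so the interface name is printed as-is and is not subject to
    # word splitting or pathname expansion.
    printf '%s\n' "$2"
  done
}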


# External programs the script drives. These are bare command names, so each
# one is looked up through PATH at the moment it is run.
IP=ip
IPTABLES=iptables
LSMOD=lsmod
MODPROBE=modprobe
LOGGER=logger



# Stop before any rule is touched if one of the expected interfaces is
# missing: the script then exits with status 1 and the running ruleset is
# left as it was.
INTERFACES="ppp0 eth1 lo "
for i in $INTERFACES; do
  if ! $IP link show "$i" > /dev/null 2>&1; then
    log "Interface $i does not exist"
    exit 1
  fi
done



# Set the default policy of all three filter chains to DROP. This happens
# before the old rules are flushed, so the host drops traffic rather than
# passing it while the ruleset is being rebuilt.
for policy_chain in OUTPUT INPUT FORWARD; do
  $IPTABLES -P "$policy_chain" DROP
done



# Empty every chain of every table the kernel currently lists, then delete
# the user-defined chains of that table. Tables whose name contains "mangle"
# are skipped, so rules living there survive a re-run of this script.
grep -v mangle /proc/net/ip_tables_names | while read tbl; do
  $IPTABLES -t $tbl -L -n | while read word chain_name rest; do
    # Only the "Chain <name> ..." header lines of the listing name a chain.
    case "X$word" in
      XChain) $IPTABLES -t $tbl -F $chain_name ;;
    esac
  done
  $IPTABLES -t $tbl -X
done


# Flush the neighbour entries of eth1 and remove the addresses labelled
# "eth1:FWB*" (the alias labels add_addr creates). Output and errors of both
# commands are discarded.
$IP -4 neigh flush dev eth1 >/dev/null 2>&1
$IP -4 addr flush dev eth1 label "eth1:FWB*" >/dev/null 2>&1


# Make sure the firewall's own addresses are configured, then bring the
# links up.
add_addr 192.168.0.254 24 eth1
$IP link set eth1 up
add_addr 127.0.0.1 8 lo
$IP link set lo up

# Read the IPv4 address ppp0 holds right now into $interface_ppp0; the
# variable is empty when ppp0 has none. Every later rule that names
# $interface_ppp0 uses this one snapshot.
# NOTE(review): if ppp0 is given a different address later, those rules keep
# the old one until the script is run again - confirm a re-run is hooked to
# the link coming up.
getaddr ppp0 interface_ppp0


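# Load every connection-tracking and NAT helper module shipped for the
# running kernel that lsmod does not already list. The script exits with
# status 1 as soon as one modprobe call fails.
# NOTE(review): loading every helper presumably widens what the
# ESTABLISHED,RELATED rules further down accept (helper-announced
# connections count as RELATED) - confirm that all of them are wanted.
MODULE_DIR="/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/"
# Only list files when cd succeeded. Previously a failed cd still ran ls, in
# whatever directory the script was started from, and the names found there
# were passed to modprobe.
MODULES=$(cd "$MODULE_DIR" && ls *_conntrack_* *_nat_* | sed -e 's/\.o.*$//' -e 's/\.ko.*$//')
for module in $MODULES; do
  # Match the whole first column of lsmod, so that a module whose name is
  # merely contained in the name of a loaded one is still loaded.
  if $LSMOD | grep "^${module} " >/dev/null; then continue; fi
  $MODPROBE "$module" || exit 1
done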



log "Activating firewall script generated Sat Aug 21 07:47:57 2004 Westeuropäische Sommerzeit by sbickel"

# NAT table. Every rule is appended (-A), so within PREROUTING and within
# POSTROUTING the rules are consulted in the order written here.
#
# Rule 1(NAT)
#
echo "Rule 1(NAT)"
#
# outgoing connections from the vpn gateway
#
# specify later
# Everything 192.168.0.253 and 192.168.0.104 send out through ppp0 is
# masqueraded, whatever the protocol or port.
$IPTABLES -t nat -A POSTROUTING -o ppp0 -s 192.168.0.253 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o ppp0 -s 192.168.0.104 -j MASQUERADE
#
# Rule 2(NAT)
#
echo "Rule 2(NAT)"
#
# redirect http and https access
# TCP connections from 192.168.0.0/24 to port 80 or 443 get their destination
# rewritten to 192.168.0.254, the address this script assigns to eth1.
# NOTE(review): the rule has no -i and no -d restriction, so it applies to
# any destination; presumably a proxy listens on 192.168.0.254 - confirm,
# and confirm that redirecting 443 as well is intended.
$IPTABLES -t nat -A PREROUTING -p tcp -m multiport -s 192.168.0.0/24 --destination-port 80,443 -j DNAT --to-destination 192.168.0.254
#
# Rule 3(NAT)
#
echo "Rule 3(NAT)"
#
# access from the local network to the internet on desired ports
# Only the destination ports listed here are masqueraded for the rest of
# the LAN.
# NOTE(review): Rule 4(global) further down forwards every NEW connection
# from 192.168.0.0/24, on any port. Traffic to a port missing from this list
# would then leave ppp0 with its private source address unless something
# else drops it - confirm the two rules are meant to differ.
$IPTABLES -t nat -A POSTROUTING -o ppp0 -p tcp -m multiport -s 192.168.0.0/24 --destination-port 21,20,143,993,110,995,25,465,22,1863,5190 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o ppp0 -p udp -s 192.168.0.0/24 --destination-port 13 -j MASQUERADE
#
# Rule 4(NAT)
#
echo "Rule 4(NAT)"
#
#
# Inbound port forwards to 192.168.0.104. Each line is skipped when
# $interface_ppp0 is empty, i.e. when ppp0 had no IPv4 address at the moment
# getaddr ran; in that case the forward is silently absent.
test -n "$interface_ppp0" && $IPTABLES -t nat -A PREROUTING -p tcp -d $interface_ppp0 --destination-port 2048:3072 -j DNAT --to-destination 192.168.0.104
test -n "$interface_ppp0" && $IPTABLES -t nat -A PREROUTING -p tcp -d $interface_ppp0 --destination-port 4662 -j DNAT --to-destination 192.168.0.104
#
# Rule 5(NAT)
#
echo "Rule 5(NAT)"
#
# access from the internet to local vpn server
# Inbound forwards to 192.168.0.253: TCP 1723 and 5900, UDP 500, 4500 and
# 1701, and IP protocols 47 (GRE), 50 (ESP) and 51 (AH). Same guard on
# $interface_ppp0 as above.
# NOTE(review): 5900/tcp is conventionally VNC and is reachable from the
# internet side here - confirm the exposure is intended rather than reaching
# that service through the VPN.
test -n "$interface_ppp0" && $IPTABLES -t nat -A PREROUTING -p tcp -m multiport -d $interface_ppp0 --destination-port 1723,5900 -j DNAT --to-destination 192.168.0.253
test -n "$interface_ppp0" && $IPTABLES -t nat -A PREROUTING -p udp -m multiport -d $interface_ppp0 --destination-port 500,4500,1701 -j DNAT --to-destination 192.168.0.253
test -n "$interface_ppp0" && $IPTABLES -t nat -A PREROUTING -p 47 -d $interface_ppp0 -j DNAT --to-destination 192.168.0.253
test -n "$interface_ppp0" && $IPTABLES -t nat -A PREROUTING -p 50 -d $interface_ppp0 -j DNAT --to-destination 192.168.0.253
test -n "$interface_ppp0" && $IPTABLES -t nat -A PREROUTING -p 51 -d $interface_ppp0 -j DNAT --to-destination 192.168.0.253
#
#


# Filter table. Packets that belong to, or are related to, a connection the
# state match already knows are accepted first on all three chains, so the
# rules that follow only decide about packets in state NEW.
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

#
# Rule 0(lo)
#
echo "Rule 0(lo)"
#
#
#
# New connections over the loopback interface are accepted in both
# directions; these two rules are the only ones in the script that match on
# an interface (-i / -o) rather than on addresses.
$IPTABLES -A INPUT -i lo -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o lo -m state --state NEW -j ACCEPT
#
# Rule 0(global)
#
echo "Rule 0(global)"
#
# allow traffic from the local network to internal firewall interface
#
# Each RULE_n chain has the same shape: one LOG rule, then the verdict.
# NOTE(review): the LOG rules carry no rate limit (for example `-m limit`),
# so every matching NEW connection writes a log line - confirm syslog can
# take that volume.
# The lines with -s 0.0.0.0 / -d 255.255.255.255 presumably admit broadcasts
# from hosts that have no address yet (DHCP-style) - TODO confirm.
$IPTABLES -N RULE_0
$IPTABLES -A INPUT -s 192.168.0.0/24 -d 255.255.255.255 -m state --state NEW -j RULE_0
$IPTABLES -A INPUT -s 0.0.0.0 -d 255.255.255.255 -m state --state NEW -j RULE_0
$IPTABLES -A INPUT -s 192.168.0.0/24 -d 192.168.0.254 -m state --state NEW -j RULE_0
$IPTABLES -A INPUT -s 0.0.0.0 -d 192.168.0.254 -m state --state NEW -j RULE_0
$IPTABLES -A RULE_0 -j LOG --log-level info --log-prefix "RULE 0 -- ACCEPT "
$IPTABLES -A RULE_0 -j ACCEPT
#
# Rule 1(global)
#
echo "Rule 1(global)"
#
# allow traffic from the internal firewall interface to local network
#
$IPTABLES -N RULE_1
$IPTABLES -A OUTPUT -s 192.168.0.254 -d 192.168.0.0/24 -m state --state NEW -j RULE_1
$IPTABLES -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- ACCEPT "
$IPTABLES -A RULE_1 -j ACCEPT
#
# Rule 2(global)
#
echo "Rule 2(global)"
#
# allow traffic from the external firewall interface to the internet
#
# The chain is always created, but the jump into it is only added when
# $interface_ppp0 is non-empty. With ppp0 down at load time the firewall's
# own new outbound connections from that address are therefore not accepted
# here.
$IPTABLES -N RULE_2
test -n "$interface_ppp0" && $IPTABLES -A OUTPUT -s $interface_ppp0 -m state --state NEW -j RULE_2
$IPTABLES -A RULE_2 -j LOG --log-level info --log-prefix "RULE 2 -- ACCEPT "
$IPTABLES -A RULE_2 -j ACCEPT
#
# Rule 4(global)
#
echo "Rule 4(global)"
#
# allow traffic from the local network to all
#
# Accepts every NEW connection with a 192.168.0.0/24 source on INPUT, OUTPUT
# and FORWARD, on any protocol and port. On INPUT this also covers the
# 192.168.0.0/24 cases of Rule 0.
# NOTE(review): the match is on source address only, with no -i eth1. A
# packet arriving on ppp0 with a 192.168.0.x source would match as well
# unless reverse-path filtering (rp_filter) drops it first - TODO confirm
# rp_filter is enabled, or bind these rules to the inside interface.
# NOTE(review): nothing in this script clamps the TCP MSS (there is no
# `-j TCPMSS --clamp-mss-to-pmtu` rule). If ppp0 is a PPPoE link with an MTU
# below 1500, full-size segments from LAN hosts can stall while small
# transfers still work - a plausible cause of the reported timeout when
# sending mail with attachments; TODO confirm against the link MTU.
$IPTABLES -N RULE_4
$IPTABLES -A INPUT -s 192.168.0.0/24 -m state --state NEW -j RULE_4
$IPTABLES -A OUTPUT -s 192.168.0.0/24 -m state --state NEW -j RULE_4
$IPTABLES -A FORWARD -s 192.168.0.0/24 -m state --state NEW -j RULE_4
$IPTABLES -A RULE_4 -j LOG --log-level info --log-prefix "RULE 4 -- ACCEPT "
$IPTABLES -A RULE_4 -j ACCEPT
#
# Rule 5(global)
#
echo "Rule 5(global)"
#
# special policy for ibm t40
#
# Filter-side counterpart of Rule 4(NAT): lets NEW TCP connections to
# 192.168.0.104 on ports 2048-3072 and 4662 through OUTPUT and FORWARD.
# NOTE(review): there is no source or interface restriction, so any source
# that routes through this box may open these ports - confirm that is the
# intended scope.
$IPTABLES -N RULE_5
$IPTABLES -A OUTPUT -p tcp -d 192.168.0.104 --destination-port 2048:3072 -m state --state NEW -j RULE_5
$IPTABLES -A OUTPUT -p tcp -d 192.168.0.104 --destination-port 4662 -m state --state NEW -j RULE_5
$IPTABLES -A FORWARD -p tcp -d 192.168.0.104 --destination-port 2048:3072 -m state --state NEW -j RULE_5
$IPTABLES -A FORWARD -p tcp -d 192.168.0.104 --destination-port 4662 -m state --state NEW -j RULE_5
$IPTABLES -A RULE_5 -j LOG --log-level info --log-prefix "RULE 5 -- ACCEPT "
$IPTABLES -A RULE_5 -j ACCEPT
#
# Rule 6(global)
#
echo "Rule 6(global)"
#
# special policy for vpn gateway
#
# Filter-side counterpart of Rule 5(NAT) for 192.168.0.253. The TCP list here
# (1723,5900,21,22) is wider than the DNAT list (1723,5900): ports 21 and 22
# are accepted by the filter but are not forwarded from ppp0 by any NAT rule
# in this script.
# NOTE(review): as above, no source or interface restriction; 5900/tcp is
# conventionally VNC - confirm it should be reachable from outside.
$IPTABLES -N RULE_6
$IPTABLES -A OUTPUT -p tcp -m multiport -d 192.168.0.253 --destination-ports 1723,5900,21,22 -m state --state NEW -j RULE_6
$IPTABLES -A OUTPUT -p udp -m multiport -d 192.168.0.253 --destination-ports 500,4500,1701 -m state --state NEW -j RULE_6
$IPTABLES -A OUTPUT -p 47 -d 192.168.0.253 -m state --state NEW -j RULE_6
$IPTABLES -A OUTPUT -p 50 -d 192.168.0.253 -m state --state NEW -j RULE_6
$IPTABLES -A OUTPUT -p 51 -d 192.168.0.253 -m state --state NEW -j RULE_6
$IPTABLES -A FORWARD -p tcp -m multiport -d 192.168.0.253 --destination-ports 1723,5900,21,22 -m state --state NEW -j RULE_6
$IPTABLES -A FORWARD -p udp -m multiport -d 192.168.0.253 --destination-ports 500,4500,1701 -m state --state NEW -j RULE_6
$IPTABLES -A FORWARD -p 47 -d 192.168.0.253 -m state --state NEW -j RULE_6
$IPTABLES -A FORWARD -p 50 -d 192.168.0.253 -m state --state NEW -j RULE_6
$IPTABLES -A FORWARD -p 51 -d 192.168.0.253 -m state --state NEW -j RULE_6
$IPTABLES -A RULE_6 -j LOG --log-level info --log-prefix "RULE 6 -- ACCEPT "
$IPTABLES -A RULE_6 -j ACCEPT
#
# Rule 7(global)
#
echo "Rule 7(global)"
#
# All other attempts to connect to
# the firewall are denied and logged
#
# Catch-all at the end of all three chains: whatever no earlier rule
# accepted is logged and dropped. This rule has no state match, so it also
# catches packets the state rules did not classify as ESTABLISHED, RELATED
# or NEW.
# NOTE(review): the LOG rule has no rate limit, and this is the rule that
# unsolicited traffic arriving on ppp0 ends up in - confirm the log volume
# is acceptable.
$IPTABLES -N RULE_7
$IPTABLES -A OUTPUT -j RULE_7
$IPTABLES -A INPUT -j RULE_7
$IPTABLES -A FORWARD -j RULE_7
$IPTABLES -A RULE_7 -j LOG --log-level info --log-prefix "RULE 7 -- DENY "
$IPTABLES -A RULE_7 -j DROP
#
#
# Forwarding is switched on last, after the complete ruleset is in place.
# The script never switches it off, so a value of 1 left by an earlier run
# stays in effect while the rules are being rebuilt.
echo 1 > /proc/sys/net/ipv4/ip_forward
