are no rules disallowing or allowing the same kind of ports/traffic before these rules. The service in use is the "ftp-outbound", which should be using the ALG definition "ftp-outbound" as described earlier.
Allow connections to ftp-servers on the outside:
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
   • Name: Allow-ftp-outbound
   • Action: Allow
   • Service: ftp-outbound
3. For Address Filter enter:
   • Source Interface: lan
   • Destination Interface: wan
   • Source Network: lannet
   • Destination Network: all-nets
4. Click OK.
Rules (Using Private IPs). If the firewall is using private IPs, the following NAT rule needs to be added instead:
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
   • Name: NAT-ftp-outbound
   • Action: NAT
   • Service: ftp-outbound
3. For Address Filter enter:
   • Source Interface: lan
   • Destination Interface: wan
   • Source Network: lannet
   • Destination Network: all-nets
4. Check Use Interface Address.
5. Click OK.
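The note above about rules that allow or disallow the same traffic before these rules can be checked mechanically. The following is an added example, not part of the original manual or the product: it assumes the rule set is evaluated top-down with the first match winning, and every address, port range and object name other than lan, wan, lannet, all-nets and ftp-outbound is constructed for illustration.

```python
from ipaddress import ip_network

# Constructed object tables. Only lan, wan, lannet, all-nets and ftp-outbound
# come from the page; the addresses, ports and other names are assumptions.
NETS = {"lannet": ip_network("192.168.1.0/24"),
        "dmznet": ip_network("172.16.0.0/24"),
        "all-nets": ip_network("0.0.0.0/0")}
SERVICES = {"ftp-outbound": ("tcp", 21, 21),   # FTP control channel
            "all-tcp": ("tcp", 1, 65535),
            "dns-udp": ("udp", 53, 53)}
FIELDS = ("name", "action", "service", "src_if", "dst_if", "src_net", "dst_net")

def rule(*values):
    """Build a rule record from positional values in FIELDS order."""
    return dict(zip(FIELDS, values))

def _if_overlap(a, b):
    # "any" is a hypothetical wildcard interface name.
    return a == b or "any" in (a, b)

def _svc_overlap(a, b):
    (proto_a, lo_a, hi_a), (proto_b, lo_b, hi_b) = SERVICES[a], SERVICES[b]
    return proto_a == proto_b and lo_a <= hi_b and lo_b <= hi_a

def overlaps(r1, r2):
    """True if some packet could match both rules."""
    return (_if_overlap(r1["src_if"], r2["src_if"])
            and _if_overlap(r1["dst_if"], r2["dst_if"])
            and NETS[r1["src_net"]].overlaps(NETS[r2["src_net"]])
            and NETS[r1["dst_net"]].overlaps(NETS[r2["dst_net"]])
            and _svc_overlap(r1["service"], r2["service"]))

def earlier_conflicts(rules, name):
    """Rules listed before `name` that match some of the same traffic."""
    idx = next(i for i, r in enumerate(rules) if r["name"] == name)
    return [(r["name"], r["action"]) for r in rules[:idx] if overlaps(r, rules[idx])]

# Constructed rule set, in evaluation order.
RULES = [
    rule("Drop-dmz-dns", "Drop", "dns-udp", "dmz", "wan", "dmznet", "all-nets"),
    rule("Drop-lan-tcp", "Drop", "all-tcp", "lan", "any", "lannet", "all-nets"),
    rule("Allow-ftp-outbound", "Allow", "ftp-outbound", "lan", "wan", "lannet", "all-nets"),
]

if __name__ == "__main__":
    for name, action in earlier_conflicts(RULES, "Allow-ftp-outbound"):
        print(f"{name} ({action}) is evaluated first and matches the same traffic")
```

In this constructed rule set the broad Drop-lan-tcp rule is reported, because it would match outbound FTP control connections from lannet before Allow-ftp-outbound is reached.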
6.2.4. Simple Mail Transfer Protocol
Simple Mail Transfer Protocol (SMTP) is a text-based protocol that is used for transferring email over the internet.
Key features of the SMTP ALG are:
• Rate Limiting - A maximum allowable rate of email messages can be specified.
• Email address blacklisting - A blacklist of email addresses can be specified so that mail from those addresses is blocked.
• Email address whitelisting - A whitelist of email addresses can be specified so that mail from those addresses is allowed to pass by the ALG.
Chapter 6. Security Mechanisms