I'm reading examples for iptables, and I've got a pre-written file I'm using for the server that meets most of my needs. The format it uses to accept traffic on port 80 (for apache) is:
-A INPUT -p tcp --dport 80 -j ACCEPT
Another webpage I've read uses the following format to accept traffic for SMTP
-A INPUT -p tcp -s 0/0 --sport 1024:65535 -d server.ip.address.here --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
This seems a lot more complex. Is it necessary, or could I simply do:
-A INPUT -p tcp --dport 25 -j ACCEPT
This rule is more specific, thus theoretically allowing fewer connections:
With this rule the connection needs to be initiated by a client (port>=1024), on a specific IP (therefore a single interface), and the client can only initiate a new connection or use an already established one.
But this simpler rule, being less specific, allows any kind of connection, from any port, to any interface on port 25.
Keep in mind that if you do not reinforce your firewall by using specific DROP rules, or iptables' policies (-P) to DROP all packets that aren't explicitly allowed, any ACCEPT rule will be useless.
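As an added example (not part of the question or the answer above), here is a complete iptables-restore file in the same format as the rules quoted in the question. It shows where the -P policy sits, why one ESTABLISHED,RELATED rule lets the per-service rules match only NEW, and which parts of the long SMTP rule add nothing; the address 203.0.113.10 is a placeholder standing in for server.ip.address.here.

```conf
# Added example: minimal stateful INPUT filter in iptables-save/-restore format.
# Load with:  iptables-restore < rules.v4   (rules.v4 is a placeholder file name)
*filter
# Chain policies: anything the rules below do not ACCEPT is dropped.
# Without a DROP policy (or explicit DROP rules) every ACCEPT below is redundant.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local services talk to each other over loopback.
-A INPUT -i lo -j ACCEPT
# One rule covers the reply half of every connection already accepted,
# so the per-service rules only have to match the first packet (NEW).
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# Per-service rules. Compared with the long SMTP rule in the question:
#   -s 0/0 matches every source address, so it changes nothing;
#   ESTABLISHED is already handled above, so only NEW is listed here;
#   --sport 1024:65535 is optional and would refuse clients using a
#   privileged source port.
-A INPUT -p tcp -d 203.0.113.10 --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -d 203.0.113.10 --dport 25 -m state --state NEW -j ACCEPT
COMMIT
```

On current kernels `-m conntrack --ctstate` is the preferred spelling of `-m state --state`; both match the same connection-tracking states.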