1

Topic: iRedMail firewall vs just firewall-cmd


I like to be on top of things so I tried configuring a firewall myself using firewall-cmd but somehow I feel like what the iRedMail installation has is more elaborate.

What I have running now is:

[root@email vmail]# firewall-cmd --permanent --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client http https imap imaps pop3 pop3s smtp ssh
  ports: 587/tcp xxxxx/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

Is this enough in your opinion or should I forget about trying to do it myself and use what you install?  My knowledge on the subject is limited to what I did so unless it's 1 or 2 small tweaks I wouldn't mind using your settings, if necessary.

Cheers


2

Re: iRedMail firewall vs just firewall-cmd

Dominique wrote:

Is this enough in your opinion or should I forget about trying to do it myself and use what you install?

We already have a template for your reference, so you can compare your own rules with it.

It's your server, so it's up to you. Using the one shipped by iRedMail, or building your own one, it's not a question.

3

Re: iRedMail firewall vs just firewall-cmd

ZhangHuangbin wrote:

We already have a template for your reference, so you can compare your own rules with it.

It's your server, so it's up to you. Using the one shipped by iRedMail, or building your own one, it's not a question.

I compared with what I found in iRedMail-0.9.6/samples/firewalld and it looks like it's the same... except for the submission.xml service file you made, which is neat... but the 587/tcp will do as well

thanks!
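
Added example, not part of the thread and not taken from iRedMail's sample files: a small shell check that expands a `firewall-cmd --list-all` listing into the port/protocol pairs it actually opens, so a hand-built zone can be compared with a template-style one. The service map is a subset of firewalld's stock definitions, and treating a `submission` service as 587/tcp is an assumption based on the last post; the second listing is constructed.

```shell
#!/bin/sh
# Expand a `firewall-cmd --list-all` listing into the port/protocol pairs it opens.
# The map is a subset of firewalld's stock service definitions;
# "submission" = 587/tcp is an assumption based on the post above.
effective_ports() {
    awk '
    BEGIN {
        m["ssh"] = "22/tcp";   m["smtp"] = "25/tcp";  m["submission"] = "587/tcp"
        m["http"] = "80/tcp";  m["https"] = "443/tcp"
        m["imap"] = "143/tcp"; m["imaps"] = "993/tcp"
        m["pop3"] = "110/tcp"; m["pop3s"] = "995/tcp"
        m["dhcpv6-client"] = "546/udp"
    }
    # Named services: translate each to its port, flag names missing from the map.
    $1 == "services:" {
        for (i = 2; i <= NF; i++) {
            if ($i in m) print m[$i]
            else print "unknown-service:" $i
        }
    }
    # Explicit ports are already port/protocol pairs (masked values pass through).
    $1 == "ports:" { for (i = 2; i <= NF; i++) print $i }
    ' | sort -u
}

# Services and ports lines from the first post (masked port kept as posted).
POST_LISTING='public
  services: dhcpv6-client http https imap imaps pop3 pop3s smtp ssh
  ports: 587/tcp xxxxx/tcp'

# Constructed variant: 587 opened through a "submission" service instead.
SERVICE_STYLE='public
  services: dhcpv6-client http https imap imaps pop3 pop3s smtp ssh submission
  ports: xxxxx/tcp'

# Succeeds when both listings expose exactly the same port/protocol pairs.
same_exposure() {
    [ "$(printf '%s\n' "$1" | effective_ports)" = "$(printf '%s\n' "$2" | effective_ports)" ]
}

if same_exposure "$POST_LISTING" "$SERVICE_STYLE"; then
    echo "identical exposure:"
    printf '%s\n' "$POST_LISTING" | effective_ports
else
    echo "listings differ"
fi
```

On a live host, pipe `firewall-cmd --permanent --list-all` into `effective_ports` and review anything reported as `unknown-service:` by hand.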