From 821af4d12ffe09e489c1a50b27c812b859c7eff7 Mon Sep 17 00:00:00 2001
From: Colin Darie <colindarie@gmail.com>
Date: Fri, 25 Mar 2011 19:02:45 +0100
Subject: [PATCH] Added a SMTP_SECURE_OK rule (port 465)

Signed-off-by: Gregory Colpart <reg@evolix.fr>
---
 firewall.rc  | 3 +++
 minifirewall | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/firewall.rc b/firewall.rc
index bf0039e..2ad88b4 100644
--- a/firewall.rc
+++ b/firewall.rc
@@ -66,6 +66,9 @@ SSHOK='0.0.0.0/0'
 # SMTP
 SMTPOK='0.0.0.0/0'
 
+# SMTP secure (port 465 et 587)
+SMTPSOK=''
+
 # NTP
 NTPOK='78.153.240.29'
 
diff --git a/minifirewall b/minifirewall
index 8d2ec6f..6579424 100644
--- a/minifirewall
+++ b/minifirewall
@@ -271,6 +271,13 @@ for x in $SMTPOK
         $IPT -A INPUT -p tcp ! --syn --sport 25 --dport $PORTSUSER -j ACCEPT
     done
 
+# SMTP secure
+for x in $SMTP_SECURE_OK
+    do
+        $IPT -A INPUT -p tcp ! --syn --sport 465 --dport $PORTSUSER -j ACCEPT
+        $IPT -A INPUT -p tcp ! --syn --sport 587 --dport $PORTSUSER -j ACCEPT
+    done
+
 # NTP
 # autoriser synchronisation ntpdate
 for x in $NTPOK