Changing Outgoing Policy to DROP in Datacenter Firewall

[rackdie]

I am receiving alot of abuse reports for mail spamming so I want to allow incoming port 25 traffic to receive mails but want to drop outgoing for port 25 so no one can send mails.
I have configured the main datacenter firewall with drop incoming connections except the ports i need. I now want to block all outgoing traffic like mail spam so is it possible to change Outgoing Policy from ACCEPT to DROP in datacenter firewall instead of manually doing it in each VM. is there any negative side of changing from ACCEPT to DROP?

 

[Dunuin]

Are you running the mail server bare metal? Keep in mind that the datacenter firewall will only block traffic to/from your nodes, not to/from your VMs/LXCs.

 

[rackdie]

Are you running the mail server bare metal? Keep in mind that the datacenter firewall will only block traffic to/from your nodes, not to/from your VMs/LXCs.

So that means I have to do it manually for all VMs? am i right? its their any easier way to like copy paste firewall rules from one VM and paste it to other VM

 

[Dunuin]

its their any easier way to like copy paste firewall rules from one VM and paste it to other VM

Have a look a security groups. You could create security group for blocking mail trafic and then add that security group to all VMs using mails.

 

[rackdie]

Thankyou so much. ill give it a try