Allow only localhost connections to the SMTP port (ban all outside) on Linux

On Linux (Ubuntu etc.), these two iptables rules allow only localhost connections to the SMTP port (TCP 25) and drop everything arriving from outside:

iptables -A INPUT -i lo -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j DROP

You could instead use: iptables -A INPUT -p tcp -s localhost --dport 25 -j ACCEPT
The first version is better, though: a packet the host sends to itself does not necessarily have 127.0.0.1 as its source address (a connection to the machine's own public IP, for example, carries that public IP as its source), but every such packet enters through the lo interface, so matching on -i lo catches all of them.

The first rule means "anything coming in on the loopback interface to port 25, accept", and the second says "drop anything else coming in to port 25". Rules are evaluated in order, so the first line accepts localhost traffic and anything else falls through to the second line and is dropped. Two caveats: -A appends to the end of the INPUT chain, so if an earlier rule already accepts port 25 (or accepts all traffic) that rule wins and the DROP is never reached; in that case insert the rules at the top of the chain with -I instead of -A. And these rules only affect IPv4; if the mail server also listens on ::1 or a public IPv6 address, add the same two rules with ip6tables.

How would you undo or revert this?

iptables -D INPUT -i lo -p tcp --dport 25 -j ACCEPT
iptables -D INPUT -p tcp --dport 25 -j DROP

How to keep the rules persistent after a reboot?

On RHEL/CentOS-style systems that ship the iptables init service:

service iptables save

Ubuntu and Debian have no such service: install the iptables-persistent package and run netfilter-persistent save instead (it writes the current rules to /etc/iptables/rules.v4 and rules.v6 and restores them at boot).

To check/list the rules (add -v, because plain -L does not print the interface column, so the lo rule would look like a blanket accept; -n skips DNS lookups):

iptables -L INPUT -v -n
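The steps above gathered into one script, as an added example that is not from the original post or the ServerFault answer it copies. It assumes an iptables with the -C (check) option, root privileges for the apply/revert/save actions, persistence through either netfilter-persistent (Debian/Ubuntu's iptables-persistent package) or the iptables init service (RHEL/CentOS), and IPv6 handled by re-running it with IPT=ip6tables. The two listings fed to check_order are constructed samples of iptables -S INPUT output, not captured from a real host; the check fails when an earlier port-25 rule would shadow the DROP, which is the ordering trap -A walks into on a chain that already has rules.

```shell
#!/bin/sh
# Added example: apply, verify, revert and persist the two SMTP rules.
# Assumptions (not from the original post): iptables >= 1.4.11 for -C, root
# for apply/revert/save, IPv6 handled by re-running with IPT=ip6tables.
IPT=${IPT:-iptables}
SMTP_PORT=${SMTP_PORT:-25}

# The two rule specifications from the post, kept in one place so -A, -C and -D
# always operate on exactly the same match.
accept_spec() { printf '%s' "-i lo -p tcp --dport $SMTP_PORT -j ACCEPT"; }
drop_spec()   { printf '%s' "-p tcp --dport $SMTP_PORT -j DROP"; }

# check_order: read `iptables -S INPUT` output on stdin. Succeed only if the
# lo ACCEPT rule precedes the DROP rule and no other port-25 rule sits before
# the DROP (an earlier blanket ACCEPT would match first and the DROP would
# never be reached).
check_order() {
    co_n=0; co_accept=""; co_drop=""; co_other=""
    while IFS= read -r co_line; do
        co_n=$((co_n + 1))
        case "$co_line" in
            "-A INPUT "*"--dport $SMTP_PORT "*)
                case "$co_line" in
                    *" -i lo "*" -j ACCEPT") [ -n "$co_accept" ] || co_accept=$co_n ;;
                    *" -j DROP")             [ -n "$co_drop" ]   || co_drop=$co_n ;;
                    *)                       [ -n "$co_other" ]  || co_other=$co_n ;;
                esac ;;
        esac
    done
    [ -n "$co_accept" ] && [ -n "$co_drop" ] && [ "$co_accept" -lt "$co_drop" ] &&
        { [ -z "$co_other" ] || [ "$co_other" -gt "$co_drop" ]; }
}

apply_rules() {
    # -C tests for an identical rule first, so re-running never appends duplicates.
    $IPT -C INPUT $(accept_spec) 2>/dev/null || $IPT -A INPUT $(accept_spec)
    $IPT -C INPUT $(drop_spec)   2>/dev/null || $IPT -A INPUT $(drop_spec)
}

revert_rules() {
    # -D removes one matching rule per call; loop in case a rule was added twice.
    while $IPT -D INPUT $(accept_spec) 2>/dev/null; do :; done
    while $IPT -D INPUT $(drop_spec)   2>/dev/null; do :; done
}

persist_rules() {
    if command -v netfilter-persistent >/dev/null 2>&1; then
        netfilter-persistent save     # Debian/Ubuntu (package iptables-persistent)
    elif [ -x /etc/init.d/iptables ]; then
        service iptables save         # RHEL/CentOS-style iptables init service
    else
        echo "no persistence helper found; save $IPT-save output by hand" >&2
        return 1
    fi
}

verify_order() { $IPT -S INPUT | check_order; }

# Constructed sample listings (not captured from a real host) for check_order.
SAMPLE_GOOD='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j DROP'
# Here a blanket ACCEPT for port 25 was already in the chain before -A appended ours.
SAMPLE_SHADOWED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j DROP'

case "${1:-}" in
    apply)  apply_rules && verify_order ;;
    revert) revert_rules ;;
    save)   persist_rules ;;
    check)  verify_order ;;
    demo)   printf '%s\n' "$SAMPLE_GOOD" | check_order && echo "good listing: ok"
            printf '%s\n' "$SAMPLE_SHADOWED" | check_order || echo "shadowed listing: DROP unreachable" ;;
    "")     ;;  # no action: only define the functions (e.g. when sourced)
    *)      echo "usage: $0 apply|revert|save|check|demo" >&2; exit 2 ;;
esac
```

Run it as root with sh smtp_lo_only.sh apply, then save; repeat with IPT=ip6tables in front for IPv6. The demo action exercises check_order on the two constructed listings without touching the live rule set.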

Taken from: https://serverfault.com/questions/247176/iptables-only-allow-localhost-access
