From a4ce64fd804a57a91717137ef2b290775307d3a4 Mon Sep 17 00:00:00 2001 From: Yann Autissier Date: Tue, 16 May 2023 20:46:57 +0000 Subject: [PATCH] fix iptables example to forbid outgoing port 25 iptables rule target should be REJECT instead of ACCEPT. --- .../60.advanced/50.hooks/packaging_apps_hooks.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pages/06.contribute/10.packaging_apps/60.advanced/50.hooks/packaging_apps_hooks.md b/pages/06.contribute/10.packaging_apps/60.advanced/50.hooks/packaging_apps_hooks.md index e1e675e9..acd155d6 100644 --- a/pages/06.contribute/10.packaging_apps/60.advanced/50.hooks/packaging_apps_hooks.md +++ b/pages/06.contribute/10.packaging_apps/60.advanced/50.hooks/packaging_apps_hooks.md @@ -578,10 +578,11 @@ This hooks is run at the end of the command `yunohost firewall reload` or equiva ##### Examples -###### Forbid completely the outgoing 25 port +###### Forbid completely the outgoing 25 port except for postfix user ```bash #!/bin/bash -iptables -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT +iptables -A OUTPUT -p tcp --dport 25 -m owner --uid-owner postfix -j ACCEPT +iptables -A OUTPUT -p tcp --dport 25 -m tcp -j REJECT --reject-with icmp-port-unreachable ``` [/details]
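Review bot: The two added rules in the bash example only call `iptables`, so outgoing TCP port 25 over IPv6 stays open for every user; the example should repeat both rules with `ip6tables` (using `--reject-with icmp6-port-unreachable` or `tcp-reset` there), otherwise the heading promises more than the hook enforces. The new heading "Forbid completely the outgoing 25 port except for postfix user" contradicts itself, and the commit message only mentions the ACCEPT to REJECT change, not the new `--uid-owner postfix` exception; something like "Forbid the outgoing 25 port except for the postfix user" and a line about the exception in the commit message would match what the hunk does. Because the surrounding text says this hook runs at the end of every `yunohost firewall reload`, it would also help to state whether the OUTPUT chain is flushed before the hook runs, since `-A` otherwise appends a duplicate pair of rules on each reload and places them after any earlier ACCEPT rule in the chain. Minor style point: the second rule puts `-m tcp` after `--dport 25` while the removed line had it before; keep one ordering, or drop `-m tcp` as the first added rule does.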