I would like to use the UCI configuration file /etc/config/firewall on Kamikaze 7.09 to accomplish the following firewall objective:

Block all outbound SMTP traffic from LAN hosts 192.168.10.xxx), except that of mail server 192.168.10.5.

The intent is to prevent malware-infected windows hosts on the LAN from sending spam without going through the mailserver.

I have added the following lines to /etc/config/firewall:

accept:dport=25 src=192.168.10.5
reject:dport=25

Are there any better ways of implementing this?

Is there a UCI syntax for using a -j LOG rule so I can identify LAN hosts which are attempting to use port 25?

Thanks.