Sendmail & IpTable Rules
If you want to allow your Linux box to send emails via port 25, you should allow it by adding a rule like:
$ iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
Similarly for DNS traffic:
$ iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
If there are no such explicit rules, the traffic will be denied by default, as the default policy is set to DROP.
Update:
Don't forget to allow the related/established connections using:
$ iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$ iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
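The following is an added example, not part of the original answer or the asker's script: it merges the DROP-by-default rules from the question with the fixes above and prints them in iptables-restore format, so the whole set can be validated and loaded atomically. Assumptions: the interface is eth0 as in the question, `-m conntrack --ctstate` is used as the current form of `-m state --state`, and TCP/53 is opened alongside UDP/53 for large DNS replies.

```shell
#!/bin/sh
# Added example: emits a complete filter table for a host running
# nginx, ssh and sendmail (outbound mail only). Nothing is applied here;
# the function only prints the ruleset.

gen_ruleset() {
    iface="${1:-eth0}"   # assumption: eth0, taken from the question
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $iface -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $iface -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o $iface -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o $iface -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o $iface -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# The two ESTABLISHED,RELATED rules carry the replies: without the INPUT one,
# the SYN to a remote port 25 leaves but the SYN/ACK is dropped on return.
gen_ruleset "${IFACE:-eth0}"
```

Saved under a name of your choice (ruleset.sh here is hypothetical), the output can be checked with `sh ruleset.sh | iptables-restore --test` before loading it with `iptables-restore`.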
Author by
s1ck
Updated on September 18, 2022
Comments
-
s1ck over 1 year
I need to set up IpTable Rules for a server with nginx, ssh and sendmail. Now, the problem is, with my rules I cannot send emails to other hosts anymore. Emails to localhost do work, but sending to different servers does not, when the firewall is up.
I tried opening both Incoming and Outgoing Port 25 and DNS lookup ports, but nothing worked. Any ideas?
Update:
Here are my rules:
#! /bin/sh
# firewall iptable rules
interface="eth0"
# first, deny all
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# open loopback device completely
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# open ssh ports
iptables -A INPUT -p tcp -i $interface --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -o $interface --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
# open browser ports
iptables -A INPUT -p tcp -i $interface --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -o $interface --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
-
BE77Y over 7 years
This question already has an accepted answer, to which yours really doesn't add anything useful.