Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

IPTables Blocking Postfix
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
dman777
Veteran
Veteran


Joined: 10 Jan 2007
Posts: 1004
PostPosted: Thu Aug 22, 2013 11:36 am    Post subject: IPTables Blocking Postfix Reply with quote
what would this iptables policy be blocking postfix from recieving emails? since it's default policy is ACCEPT the only rule I see that is truly blocking is the REJECT all -- anywhere anywhere reject-with icmp-host-prohibited


Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere tcp dpt:urd
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Back to top
View user's profile Send private message
massimo
Veteran
Veteran


Joined: 22 Jun 2003
Posts: 1226
PostPosted: Thu Aug 22, 2013 12:03 pm    Post subject: Reply with quote
Since the REJECT rule is before the pop3, imap, ... rules postfix will not receive any communication on these ports.
_________________
Hello 911? How are you?
Back to top
View user's profile Send private message
dman777
Veteran
Veteran


Joined: 10 Jan 2007
Posts: 1004
PostPosted: Thu Aug 22, 2013 12:07 pm    Post subject: Reply with quote
Thanks. since this default policy is set to ACCEPT how come it matters?
Back to top
View user's profile Send private message
massimo
Veteran
Veteran


Joined: 22 Jun 2003
Posts: 1226
PostPosted: Thu Aug 22, 2013 6:49 pm    Post subject: Reply with quote
Take a look at the output of iptables -Lv. This should clear things up for you.
_________________
Hello 911? How are you?
Back to top
View user's profile Send private message
PaulBredbury
Watchman
Watchman


Joined: 14 Jul 2005
Posts: 7310
PostPosted: Thu Aug 22, 2013 8:28 pm    Post subject: Reply with quote
dman777 wrote:
how come it matters?

The order of the rules is crucially important. If you REJECT first, then that is what will happen - they cannot be ACCEPTed later, they've already been REJECTed.

Change the order of the rules, or the filtering criteria.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy