Problem with incoming e-mails because of firewall

Discussion in 'E-mail Discussions' started by mr.robot, Apr 13, 2017.

  1. mr.robot

    Hi, I am setting up my iptables and have the following problem. Since I block the incoming ports and open them individually, and have opened the outgoing ports completely, the e-mails go out but do not come in!

    I have found no port that makes the e-mail traffic work normally again. If I allow everything in the firewall, I do not have this problem!

    My goal: several IPs are available, and I would like to open only ports 80 and 443 for the websites.

    My iptables rules are:

    Code:
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    
    iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
    
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD DROP
    
    iptables -A INPUT -i lo -j ACCEPT
    
    iptables -A INPUT -p tcp -m tcp -m multiport -d IP6 --dports 21,22,25,111,465,993,995,2096,2083,2087 -j ACCEPT
    iptables -A INPUT -p udp -m udp -m multiport -d all --dports 67,111,845 -j ACCEPT
    
    #TCP Special
    iptables -A INPUT -p tcp -m tcp -m multiport -d IP1 --dports 80,443 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp -m multiport -d IP2 --dports 80,443 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp -m multiport -d IP3 --dports 80,443 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp -m multiport -d IP4 --dports 80,443 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp -m multiport -d IP5 --dports 80,443 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp -m multiport -d IP7 --dports 80,443 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp -m multiport -d IP8 --dports 80,443 -j ACCEPT
    
    #UDP
    iptables -A INPUT -p udp -m udp -m multiport --src 127.0.0.1 --dports 53,323 --jump ACCEPT
    iptables --append INPUT --match udp --protocol udp --src 192.168.122.1 --sport 53 --jump ACCEPT
    iptables -A INPUT -p udp -m udp -m multiport --dports 67,111,845 --jump ACCEPT
    #
    iptables --append INPUT --match udp --protocol udp --src IP1 --sport 53 --jump ACCEPT
    iptables --append INPUT --match udp --protocol udp --src IP2 --sport 53 --jump ACCEPT
    iptables --append INPUT --match udp --protocol udp --src IP3 --sport 53 --jump ACCEPT
    iptables --append INPUT --match udp --protocol udp --src IP4 --sport 53 --jump ACCEPT
    iptables --append INPUT --match udp --protocol udp --src IP5 --sport 53 --jump ACCEPT
    iptables --append INPUT --match udp --protocol udp --src IP6 --sport 53 --jump ACCEPT
    iptables --append INPUT --match udp --protocol udp --src IP7 --sport 53 --jump ACCEPT
    iptables --append INPUT --match udp --protocol udp --src IP8 --sport 53 --jump ACCEPT
    
    #TCP
    iptables -A INPUT -p tcp -m tcp -m multiport --src 127.0.0.1 --dports 53,783,953 --jump ACCEPT
    iptables --append INPUT --match tcp --protocol tcp --src 192.168.122.1 --sport 53 --jump ACCEPT
    #
    iptables --append INPUT --match tcp --protocol tcp --src IP1 --sport 53 --jump ACCEPT
    iptables --append INPUT --match tcp --protocol tcp --src IP2 --sport 53 --jump ACCEPT
    iptables --append INPUT --match tcp --protocol tcp --src IP3 --sport 53 --jump ACCEPT
    iptables --append INPUT --match tcp --protocol tcp --src IP4 --sport 53 --jump ACCEPT
    iptables --append INPUT --match tcp --protocol tcp --src IP5 --sport 53 --jump ACCEPT
    iptables --append INPUT --match tcp --protocol tcp --src IP6 --sport 53 --jump ACCEPT
    iptables --append INPUT --match tcp --protocol tcp --src IP7 --sport 53 --jump ACCEPT
    iptables --append INPUT --match tcp --protocol tcp --src IP8 --sport 53 --jump ACCEPT
    
    service iptables save
    service iptables restart
    Thanks for reading
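
A check that can be run over a rule set like the one posted above, as an added example that is not part of the original post: it lists, per destination address, which standard mail ports the INPUT ACCEPT rules open for TCP. It assumes the default policy is DROP with no earlier DROP/REJECT rules (as in the post), parses only the rule shapes used there, and the names `MAIL_PORTS`, `parse_rule` and `mail_ports_by_dest` are this example's own.

```python
import shlex

# Standard mail ports to look for (assumption: the set of interest on a mail host).
MAIL_PORTS = {25: "smtp", 110: "pop3", 143: "imap", 465: "smtps",
              587: "submission", 993: "imaps", 995: "pop3s"}

# Constructed sample in the rule shapes used in the post; IP1 and IP6 are its placeholders.
SAMPLE_RULES = """\
iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp -m multiport -d IP6 --dports 21,22,25,111,465,993,995,2096,2083,2087 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -m multiport -d IP1 --dports 80,443 -j ACCEPT
iptables --append INPUT --match tcp --protocol tcp --src IP1 --sport 53 --jump ACCEPT
"""

def _opt(opts, *names):
    """Return the first value found under any of the option spellings."""
    return next((opts[n] for n in names if n in opts), None)

def parse_rule(line):
    """Return (dest, {ports}) for an INPUT tcp ACCEPT rule with destination ports, else None."""
    tok = shlex.split(line, comments=True)   # comment lines yield no tokens
    if not tok or tok[0] != "iptables":
        return None
    opts = {}
    for flag, value in zip(tok[1:], tok[2:]):
        if flag.startswith("-") and not value.startswith("-"):
            opts.setdefault(flag, value)      # keep the first of repeated flags such as -m
    if (_opt(opts, "-A", "--append") != "INPUT" or _opt(opts, "-j", "--jump") != "ACCEPT"
            or _opt(opts, "-p", "--protocol") != "tcp"):
        return None
    spec = _opt(opts, "--dports", "--destination-ports", "--dport", "--destination-port")
    if spec is None:
        return None                           # e.g. rules that match only on --sport
    ports = set()
    for part in spec.split(","):              # multiport accepts "a,b,lo:hi"
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return _opt(opts, "-d", "--dst", "--destination") or "any", ports

def mail_ports_by_dest(rules_text):
    """Map each destination to the sorted mail ports that its ACCEPT rules open."""
    result = {}
    for dest, ports in filter(None, map(parse_rule, rules_text.splitlines())):
        result.setdefault(dest, set()).update(ports & set(MAIL_PORTS))
    return {dest: sorted(ports) for dest, ports in result.items()}

if __name__ == "__main__":
    print(mail_ports_by_dest(SAMPLE_RULES))
```

An address that maps to an empty list accepts no new inbound mail connections; whether that matters depends on which address the domain's MX record resolves to, which the rule set alone does not show.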
     
  2. cPanelMichael
