Re: How to allow email delivery when IPTABLES policy is DROP for all IPs not declared
First of all, you don't need to block packets going out from the server to the internet at large, unless you want to restrict what services can connect. Also, you need to use RELATED, ESTABLISHED on the first rule, so:
Code:
iptables -A OUTPUT -p ALL -m state --state RELATED,ESTABLISHED -j ACCEPT
will allow outbound packets for all established connections. To allow outbound connections to be initiated, add:
Code:
iptables -A OUTPUT -p ALL -j ACCEPT
You can add --dport 465 if you only want to allow outbound connections on port 465.
You'll want to do the same on the INPUT chain, so established connections can also receive packets:
Code:
iptables -A INPUT -p ALL -m state --state RELATED,ESTABLISHED -j ACCEPT
After these rules, set up the rules on the INPUT chain to allow your developers access to your website:
Code:
iptables -A INPUT -p tcp -s $IP_DEVELOPER --dport 80 -j ACCEPT   # --dport is only valid together with -p tcp (or -p udp)
I added dport 80 to allow access only on port 80, but you can change or remove this if you like.
Current 'buntu systems: multiple systems running Server or Desktop 22.04 LTS / Retired or Upgraded: 18.04.2 LTS, Mythbuntu 16.04 LTS, Ubuntu 16.04.1 LTS, 14.04 LTS, 10.04 LTS, 8.04 LTS
Been using ubuntu since 6.04 (16 years!)
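The rule set described in the post, assembled into one script as an added example (this is not the poster's own script). It keeps the post's ordering: state-tracking accepts first, then the outbound SMTPS rule restricted to port 465, then the developer rule on port 80. The developer address 192.0.2.10 and the environment variables IP_DEVELOPER, SMTP_PORT and APPLY are constructed placeholders; the loopback and outbound DNS rules are additions the post does not mention but that a mail host with an OUTPUT policy of DROP needs in order to resolve MX records. By default the script only prints the commands; it applies them only when run as root with APPLY=1.

```shell
#!/bin/sh
# Added example, not from the original forum post.
# Builds a minimal IPv4 rule set for a host whose INPUT and OUTPUT
# policies are DROP but which must still deliver mail over SMTPS.

IP_DEVELOPER="${IP_DEVELOPER:-192.0.2.10}"   # constructed placeholder (TEST-NET-1 range)
SMTP_PORT="${SMTP_PORT:-465}"                # SMTPS, as in the post
APPLY="${APPLY:-0}"                          # 0 = print rules, 1 = run iptables

# Print the command, or execute it when APPLY=1.
run() {
    if [ "$APPLY" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

mail_rules() {
    # Default policies: anything not explicitly accepted is dropped.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT DROP

    # Loopback traffic (MTA queue, local resolver). Assumption: not listed
    # in the post, but required once OUTPUT is DROP.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT

    # Packets of connections already accepted, in both directions, so that
    # replies to an outbound SMTP session and to inbound HTTP are allowed.
    run iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    # New outbound SMTPS connections only. --dport requires -p tcp.
    run iptables -A OUTPUT -p tcp --dport "$SMTP_PORT" -m state --state NEW -j ACCEPT

    # Outbound DNS so the MTA can look up MX records. Assumption: not in the post.
    run iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
    run iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT

    # Developers reach the web site on port 80 from their address only.
    run iptables -A INPUT -p tcp -s "$IP_DEVELOPER" --dport 80 -j ACCEPT
}

mail_rules
```

Run it once without APPLY to review the printed rules, then with `APPLY=1` as root to install them. Because the first OUTPUT rule matches RELATED,ESTABLISHED, the NEW-only SMTPS rule is the single place where outbound connections are initiated; dropping it, or changing SMTP_PORT, is enough to change what the host may reach.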