On my mailserver I have a strange behavior with iptables rules. When I try to send an email message through this server, it takes many seconds and then the message is sent (so it works, but it is very slow).
If at the end of all rules I add "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0" (so disabling the firewall for the tcp protocol), messages are sent instantly.
Here's my list of rules (note: rules from 37 to 54 are needed for Blackberry mobiles):
#iptables -L -n --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT udp -- [mailserverip] 151.99.125.2 udp dpt:53
3 ACCEPT udp -- 151.99.125.2 [mailserverip] udp spt:53 dpts:1024:65535
4 ACCEPT udp -- [mailserverip] 8.8.8.8 udp dpt:53
5 ACCEPT udp -- 8.8.8.8 [mailserverip] udp spt:53 dpts:1024:65535
6 ACCEPT udp -- [mailserverip] 151.99.0.100 udp dpt:53
7 ACCEPT udp -- 151.99.0.100 [mailserverip] udp spt:53 dpts:1024:65535
8 ACCEPT udp -- [mailserverip] 1.1.1.1 udp dpt:53
9 ACCEPT udp -- 1.1.1.1 [mailserverip] udp spt:53 dpts:1024:65535
10 ACCEPT udp -- [mailserverip] 1.0.0.1 udp dpt:53
11 ACCEPT udp -- 1.0.0.1 [mailserverip] udp spt:53 dpts:1024:65535
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
14 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
15 ACCEPT tcp -- 0.0.0.0/0 [mailserverip] tcp dpt:80
16 ACCEPT tcp -- 0.0.0.0/0 [mailserverip] tcp dpt:443
17 ACCEPT tcp -- [ourip1] [mailserverip] tcp dpt:21
18 ACCEPT tcp -- [ourip3] [mailserverip] tcp dpt:21
19 ACCEPT tcp -- [ourip1] [mailserverip] tcp dpt:22
20 ACCEPT tcp -- [ourip2] [mailserverip] tcp dpt:22
21 ACCEPT tcp -- [ourip3] [mailserverip] tcp dpt:22
22 ACCEPT tcp -- [ourip3] [mailserverip] tcp dpt:22
23 ACCEPT tcp -- [ourip4] [mailserverip] tcp dpt:22
24 ACCEPT tcp -- 0.0.0.0/0 [mailserverip] tcp dpt:25
25 ACCEPT tcp -- 0.0.0.0/0 [mailserverip] tcp dpt:465
26 ACCEPT tcp -- 0.0.0.0/0 [mailserverip] tcp dpt:587
27 ACCEPT tcp -- 0.0.0.0/0 [mailserverip] tcp dpt:110
28 ACCEPT tcp -- 0.0.0.0/0 [mailserverip] tcp dpt:995
29 ACCEPT tcp -- 0.0.0.0/0 [mailserverip] tcp dpt:143
30 ACCEPT tcp -- 0.0.0.0/0 [mailserverip] tcp dpt:993
31 ACCEPT tcp -- [ourip1] [mailserverip] tcp dpts:1024:65535
32 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:783 flags:0x17/0x02
33 ACCEPT tcp -- [ourip3] [mailserverip] tcp dpts:1024:65535
34 ACCEPT tcp -- [mailserverip] 0.0.0.0/0
35 ACCEPT tcp -- [ourip1] 0.0.0.0/0 state NEW tcp multiport dports 5901:5903,6001:6003
36 ACCEPT tcp -- [ourip3] 0.0.0.0/0 state NEW tcp multiport dports 5901:5903,6001:6003
37 ACCEPT all -- 206.51.26.0/24 [mailserverip]
38 ACCEPT all -- 193.109.81.0/24 [mailserverip]
39 ACCEPT all -- 204.187.87.0/24 [mailserverip]
40 ACCEPT all -- 206.53.144.0/20 [mailserverip]
41 ACCEPT all -- 216.9.240.0/20 [mailserverip]
42 ACCEPT all -- 67.223.64.0/19 [mailserverip]
43 ACCEPT all -- 93.186.16.0/20 [mailserverip]
44 ACCEPT all -- 68.171.224.0/19 [mailserverip]
45 ACCEPT all -- 74.82.64.0/19 [mailserverip]
46 ACCEPT all -- 173.247.32.0/19 [mailserverip]
47 ACCEPT all -- 178.239.80.0/20 [mailserverip]
48 ACCEPT all -- 180.149.148.0/23 [mailserverip]
49 ACCEPT all -- 180.149.151.0/24 [mailserverip]
50 ACCEPT all -- 180.168.204.0/22 [mailserverip]
51 ACCEPT all -- 5.100.168.0/21 [mailserverip]
52 ACCEPT all -- 131.117.168.0/21 [mailserverip]
53 ACCEPT all -- 103.246.200.0/22 [mailserverip]
54 ACCEPT all -- 93.186.25.33 [mailserverip]
55 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
56 ACCEPT icmpv6 -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Thanks!
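An added example, not from the poster: a small Python audit script that parses an `iptables -L -n --line-numbers` listing and flags things worth reviewing in a ruleset like the one above. It reports exact duplicate rules (rules 21 and 22 in the post are identical), ACCEPT rules open to any source address, ACCEPT rules with neither a port nor a connection-state restriction, and whether a chain with a DROP policy explicitly REJECTs ident probes on TCP 113. The ident check is included because a receiving MTA that probes port 113 and gets no answer at all waits out its timeout before continuing, which is one common cause of "slow but it works" mail delivery behind a DROP policy; the post does not establish that this is the cause in this case. The sample listing is a constructed subset of the one in the post, with its placeholders kept as written.

```python
"""Audit an `iptables -L -n --line-numbers` listing for common rule-set problems."""
import re
from collections import defaultdict

# Constructed sample: a subset of the listing from the post, placeholders kept as-is.
SAMPLE_LISTING = """\
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
21 ACCEPT tcp -- [ourip3] [mailserverip] tcp dpt:22
22 ACCEPT tcp -- [ourip3] [mailserverip] tcp dpt:22
24 ACCEPT tcp -- 0.0.0.0/0 [mailserverip] tcp dpt:25
32 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:783 flags:0x17/0x02
34 ACCEPT tcp -- [mailserverip] 0.0.0.0/0
37 ACCEPT all -- 206.51.26.0/24 [mailserverip]
55 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)\)$")
PORT_RE = re.compile(r"\bdpts?:(\S+)")


def parse_listing(text):
    """Return {chain: {"policy": str, "rules": [rule dicts]}} from iptables -L -n output."""
    chains, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
            continue
        if current is None or line.startswith("num "):
            continue  # column header, or text before the first chain
        fields = line.split()
        if len(fields) < 6:
            continue
        num, target, prot, opt, src, dst = fields[:6]
        chains[current]["rules"].append({
            "num": int(num), "target": target, "prot": prot, "opt": opt,
            "src": src, "dst": dst, "match": " ".join(fields[6:]),
        })
    return chains


def rule_key(rule):
    """Everything that identifies a rule except its position in the chain."""
    return (rule["target"], rule["prot"], rule["opt"], rule["src"], rule["dst"], rule["match"])


def find_duplicates(rules):
    """Groups of rule numbers that are identical apart from their position."""
    seen = defaultdict(list)
    for r in rules:
        seen[rule_key(r)].append(r["num"])
    return [nums for nums in seen.values() if len(nums) > 1]


def world_open_ports(rules):
    """(num, proto, port) for ACCEPT rules reachable from any source that name a port."""
    hits = []
    for r in rules:
        if r["target"] != "ACCEPT" or r["src"] != "0.0.0.0/0":
            continue
        m = PORT_RE.search(r["match"])
        if m:
            hits.append((r["num"], r["prot"], m.group(1)))
    return hits


def broad_accepts(rules):
    """ACCEPT rules (non-ICMP) with no port match and no connection-state match."""
    return [r["num"] for r in rules
            if r["target"] == "ACCEPT"
            and "dpt" not in r["match"] and "dports" not in r["match"]
            and "state" not in r["match"]
            and r["prot"] not in ("icmp", "icmpv6")]


def rejects_port(rules, port):
    """True if some rule answers traffic to `port` with REJECT instead of the chain policy."""
    return any(r["target"] == "REJECT" and f"dpt:{port}" in r["match"] for r in rules)


def audit(text, chain="INPUT"):
    """Run all checks against one chain and return the findings as a dict."""
    parsed = parse_listing(text)
    rules = parsed[chain]["rules"]
    return {
        "policy": parsed[chain]["policy"],
        "duplicates": find_duplicates(rules),
        "world_open": world_open_ports(rules),
        "broad": broad_accepts(rules),
        "ident_rejected": rejects_port(rules, 113),  # silent DROP of ident probes causes MTA delays
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```

To run it against a live box, pipe `iptables -L -n --line-numbers` into `audit()` instead of `SAMPLE_LISTING`; the `broad` list is the one to read first, since rule 34 in the post accepts any inbound TCP whose source claims to be the mailserver's own address, which is not something a host firewall normally needs.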