Postfix doesn't work after iptables setup

thkang asked:

Here’s my problem:

# iptables -P INPUT DROP
# host -t mx
;; connection timed out; no servers could be reached
# iptables -P INPUT ACCEPT
# host -t mx
mail is handled by 20
mail is handled by 5
mail is handled by 40
mail is handled by 10
mail is handled by 30

After setting iptables to drop all input packets unless specified otherwise, I can’t resolve hosts and therefore Postfix fails to send mail. I think it is crucial to set a firewall up – what is the firewall setting that I missed?

Here’s my current iptables:

# iptables -L INPUT -n -v
Chain INPUT (policy ACCEPT 120 packets, 17552 bytes)
 pkts bytes target     prot opt in     out     source               destination          
2669K  160M fail2ban-ssh-ddos  tcp  --  *      *              multiport dports 22
2669K  160M fail2ban-ssh  tcp  --  *      *              multiport dports 22
  122 19135 ACCEPT     tcp  --  *      *              tcp dpt:80
  252 27262 ACCEPT     tcp  --  *      *              tcp dpt:143
    0     0 ACCEPT     tcp  --  *      *              tcp dpt:587
   46  3191 ACCEPT     tcp  --  *      *              tcp dpt:21
  264 2459K ACCEPT     all  --  lo     *   

My answer:

You’re missing a rule to accept traffic based on existing traffic (the rule that makes iptables stateful). This should be your very first rule:
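
The stateful rule the answer refers to, as an added example that is not part of the original answer: it inserts the conntrack ESTABLISHED,RELATED accept at position 1 of INPUT (so the resolver's DNS replies and outbound SMTP replies get back in), and includes a check that confirms the rule really sits first in `iptables -S INPUT` output. The `IPT` variable, the helper names and the sample chain listing are assumptions; by default the script only echoes the commands.

```shell
#!/bin/sh
# Added example, not from the Server Fault answer. Dry-run by default:
# IPT="echo iptables" prints the commands; run as root with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

add_stateful_rule() {
    # -I INPUT 1 puts the rule before the fail2ban jumps and the per-port ACCEPTs
    # without flushing the chain (a -F would also drop the jumps fail2ban added).
    # Conntrack tracks UDP as well, so the answer to a DNS query this host sent
    # matches ESTABLISHED even though UDP has no connection of its own.
    $IPT -I INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

allow_new_tcp() {
    # Caveat from the listing above: there is no ACCEPT for port 22, only the
    # fail2ban chains (which RETURN), so with policy DROP ssh is cut off too.
    $IPT -A INPUT -p tcp --dport "$1" -m conntrack --ctstate NEW -j ACCEPT
}

# Succeeds only when the first -A rule of INPUT (as printed by `iptables -S INPUT`,
# which lists the -P policy line first) is the stateful accept. iptables prints
# the states in either order depending on version, so both spellings are matched.
first_rule_is_stateful() {
    printf '%s\n' "$1" | grep -- '-A INPUT' | head -n 1 |
        grep -q -e 'ESTABLISHED,RELATED' -e 'RELATED,ESTABLISHED'
}

# Constructed sample of `iptables -S INPUT` before and after the fix.
BEFORE='-P INPUT DROP
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT'
AFTER='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT'

add_stateful_rule
allow_new_tcp 22
first_rule_is_stateful "$BEFORE" && echo "before: stateful rule first" || echo "before: stateful rule missing"
first_rule_is_stateful "$AFTER"  && echo "after: stateful rule first"  || echo "after: stateful rule missing"
```

On a live box, check the result with `iptables -S INPUT` and confirm with `host -t mx` that lookups succeed while the policy is still DROP.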


View the full question and any other answers on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.