I use this in iptables (I want to allow port 25 only for localhost):

iptables -A INPUT -p tcp -s localhost --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j DROP

It works perfectly, but I stopped receiving forwarded mail (it was working OK before).

I have a rule in mail config -> email sent to myusername@mydomain.com -> forwarded to my gmail

What should I change/add in my iptables to allow this forwarding while keeping port 25 closed to the public? Maybe add Google's IP or something else?

Many thanks!

George

2 Answers

If this is a standalone host, I suggest you solve this issue within your mailserver, not a firewall. Gmail has every right to change their IP addresses as they see fit at any time and you'll end up having a broken system. Configure your mailserver to accept mails to addresses you allow and possibly from addresses you allow. Alternatively use something like fetchmail to download your mails from Gmail instead of using a forward.

Janos Pasztor
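
As an added example that is not part of the answer above: one way to enforce this in the mail server instead of the firewall, assuming the MTA is Postfix (the page does not name it). The file paths are Postfix defaults, the Gmail address is a placeholder, and mydomain.com is assumed not to be listed in mydestination.

```conf
# --- /etc/postfix/main.cf (assumes Postfix 2.10 or later) ---

# This host accepts mail for mydomain.com only through the alias table below.
# Assumption: mydomain.com is NOT also listed in mydestination.
virtual_alias_domains = mydomain.com
virtual_alias_maps = hash:/etc/postfix/virtual

# Only the local machine is trusted to send mail to arbitrary destinations.
mynetworks = 127.0.0.0/8 [::1]/128

# Relay policy, evaluated for every recipient:
#   - clients in mynetworks (localhost) may send anywhere;
#   - everyone else may only deliver to domains this server is
#     responsible for, so a public port 25 does not become an open relay.
smtpd_relay_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# Addresses in mydomain.com that are missing from the alias table are
# rejected during the SMTP session (this is the Postfix default).
smtpd_reject_unlisted_recipient = yes

# --- /etc/postfix/virtual ---
# Accepted address               Forwarding target (placeholder address)
myusername@mydomain.com          your.account@gmail.com
```

After editing, rebuild the lookup table with `postmap /etc/postfix/virtual` and run `postfix reload`. With relaying restricted this way, the port 25 DROP rule can be removed so that other mail servers can deliver to myusername@mydomain.com again.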

You should create an iptables rule that allows only Gmail's IP addresses on port 25.

Gmail's name server IP addresses are as follows.

173.194.36.53
173.194.36.54

They may be different in your country. You can find them using the following command in a terminal.

nslookup gmail.com

KK Patel