# IPTables Blocking Postfix

## dman777

What in this iptables policy would be blocking postfix from receiving emails? Since its default policy is ACCEPT, the only rule I see that is truly blocking is the `REJECT all -- anywhere anywhere reject-with icmp-host-prohibited`.

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

----------

## massimo

Since the REJECT rule is before the pop3, imap, ... rules, postfix will not receive any communication on these ports.

----------

## dman777

Thanks. Since this default policy is set to ACCEPT, how come it matters?

----------

## massimo

Take a look at the output of iptables -Lv. This should clear things up for you.

----------

## PaulBredbury

*dman777 wrote:*

> how come it matters?

The order of the rules is crucially important. If you REJECT first, then that is what will happen - they cannot be ACCEPTed later, they've already been REJECTed.

Change the order of the rules, or the filtering criteria.

----------
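Added example, not part of any post in this thread: a small first-match evaluator that shows why rule order overrides the ACCEPT chain policy and which rules an unconditional REJECT makes unreachable. The ruleset is a constructed, abbreviated `iptables -S INPUT` version of the listing above; the `-i lo` binding, the `eth0` interface name used when calling it, and the numeric ports are assumptions.

```python
import shlex

# Constructed, abbreviated `iptables -S INPUT` text modelled on the thread's listing.
# Assumption: the bare "ACCEPT all" rule is loopback-only (-i lo); -L hides it, -L -v shows it.
SAMPLE = """\
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
"""
MATCH_KEYS = {"-i": "iface", "-p": "proto", "--dport": "dport", "--state": "state"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(text):
    """Return (default_policy, rules); handles only simple option/value pairs."""
    policy, rules = None, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            opts = dict(zip(tok[2::2], tok[3::2]))
            rule = {name: opts.get(flag) for flag, name in MATCH_KEYS.items()}
            rule["target"] = opts["-j"]
            rules.append(rule)
    return policy, rules

def matches(rule, pkt):
    state_ok = not rule["state"] or pkt["state"] in rule["state"].split(",")
    return state_ok and all(rule[k] in (None, str(pkt[k])) for k in ("iface", "proto", "dport"))

def first_match(policy, rules, pkt):
    """First matching rule decides; the chain policy applies only if none match."""
    for num, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return num, rule["target"]
    return None, policy

def shadowed(rules):
    """Rules placed after an unconditional terminating rule can never be reached."""
    for i, rule in enumerate(rules):
        if rule["target"] in TERMINAL and not any(rule[n] for n in MATCH_KEYS.values()):
            return rules[i + 1:]
    return []
```

Calling `first_match` with a new TCP connection to port 25 or 110 on `eth0` returns rule 6 (REJECT) in both cases, and `shadowed` lists the port 110 and 143 rules as dead.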

