This is my old firewall script with the comments included, this simple one worked pretty well.

Since then I have made a much more complicated and modular one, I will share that when it is complete.

#!/bin/bash

########################################################

# START THE FIREWALL SCRIPT                            #

########################################################





# Flush the current rules

iptables -F



# Block all forwarding

iptables -A FORWARD -s 0/0 -j DROP



# Allow all input into loopback

iptables -A INPUT -i lo -j ACCEPT



# Allow 4 pings per minute to block ping DOS attacks

iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 4/m -j ACCEPT



# Allow all echo replies including destination unreachable and time exceeded

iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT

iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT



# Block all other icmp traffic

iptables -A INPUT -p icmp -j DROP



# Allow all response traffic

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT



# block all other incoming traffic

iptables -A INPUT -j DROP



# Display confirmation message

RED=$'\e[31;01m'

NORMAL=$'\e[0m'

echo "${RED}Firewall Started.....${NORMAL}"

That is a nice addition, that can be usful to work with the invalid attempt option in sshd to prevent breakins.

I am not fully versed in the communication methods and ports used for IMAP communication, but if you can pin down the basic packet structure of IMAP logins then you can develop n iptable rule to accomplish your task.