Appreciate your reply, thanks.
A little context here: I first noticed these a few years ago and asked host (they had changed my iptables). I don't think the support person actually knew why he had been told to do it - said "for added security". Anyway it didn't seem to do any harm so I have faithfully copied every time I updated iptables.
But I went on a housecleaning kick yesterday. We had blocked IPs in .htaccess as well as in iptables, and there was also a Ban Filter in the forum. I decided to consolidate all the bans in one place, in iptables, to make search easier if a block turned out to be a mistake. Then I thought why have this stuff I don't understand in iptables - so now I have taken all the 18.104.22.168 lines out.
May I ask you about something else?
I don't really understand the OUTPUT section. There is a pretty large one. It starts with some reasonable-looking stuff:
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner mail -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
But after that are a great many DROP lines - a few of them:
-A OUTPUT -s 22.214.171.124 -j DROP
-A OUTPUT -s 126.96.36.199/255.252.0.0 -j DROP
-A OUTPUT -s 188.8.131.52/255.255.240.0 -j DROP
-A OUTPUT -s 184.108.40.206/255.255.240.0 -j DROP
-A OUTPUT -s 220.127.116.11 -j DROP
-A OUTPUT -s 18.104.22.168 -j DROP
-A OUTPUT -s 22.214.171.124 -j DROP
-A OUTPUT -s 126.96.36.199 -j DROP
What are these actually doing? I'm guessing that if something on the server tries to send to 188.8.131.52, it will not succeed. (Protection against malware sending home?) Would you agree that I could just delete those hundred or so lines?