This target address is totally untested! Allowing it may smoke your Kindle or eat your Kat!
Looking at this entry in the Amazon-Network reference:
** If wanting to screen the sub-net **
Amazon Technologies Inc. AMAZON-2011L (NET-54-240-0-0-1) 220.127.116.11 - 18.104.22.168
Amazon Web Services, LLC AWSEMAIL-Z (NET-54-240-0-0-2) 22.214.171.124 - 126.96.36.199
Looking at the rule-set, you will find:
# Packets leaving by Wifi
:wlan-out - [0:0]
-A wlan-out -d 188.8.131.52/12 -j DROP
-A wlan-out -d 184.108.40.206/14 -j DROP
-A wlan-out -d 220.127.116.11/14 -j DROP
# Count and drop the sub-net first.
-A wlan-out -d 18.104.22.168/18 -j DROP
-A wlan-out -d 22.214.171.124/12 -j DROP
And just guessing from the name: Amazon Web Services, LLC AWSEMAIL-Z
Then if you (or a KUAL button) wants to make an exception to the provided filter rule-set ;
Insert as RULE #1 (all exceptions, all device chains, are added as RULE #1):
iptables -t filter -I wlan-out -d 126.96.36.199/18 -j ACCEPT
The default rule number of the I(nsert) command is RULE #1.
When your done with the 'mail-to Kindle' function, take it out again with:
iptables -t filter -D wlan-out -d 188.8.131.52/18 -j ACCEPT
The D(elete) command removes the first (or only) exactly matching rule.
If wanting to enable this for 3G (also or only) - use the above rules with the substitution of ppp-out for wlan-out (Wifi).
If someone wants to try this out, and report back here - would be nice to know if that is really the 'mail-to Kindle' service.
If you keep reading my posts, you will learn more than you probably ever cared to know about Linux network firewalls.