This target address is totally untested! Allowing it may smoke your Kindle or eat your Kat!
Looking at this entry in the Amazon-Network reference:
Kpw: 54.240.0.0/12
Kpw: 54.240.128.0/18 ** If wanting to screen the sub-net **
Amazon Technologies Inc. AMAZON-2011L (NET-54-240-0-0-1) 54.240.0.0 - 54.255.255.255
Amazon Web Services, LLC AWSEMAIL-Z (NET-54-240-0-0-2) 54.240.0.0 - 54.240.63.255
Looking at the rule-set, you will find:
Code:
# Packets leaving by Wifi
:wlan-out - [0:0]
-A wlan-out -d 23.0.0.0/12 -j DROP
-A wlan-out -d 23.20.0.0/14 -j DROP
-A wlan-out -d 50.16.0.0/14 -j DROP
# Count and drop the sub-net first.
-A wlan-out -d 54.240.128.0/18 -j DROP
-A wlan-out -d 54.240.0.0/12 -j DROP
And just guessing from the name:
Amazon Web Services, LLC AWSEMAIL-Z
Then if you (or a KUAL button) wants to make an exception to the provided filter rule-set ;
Insert as RULE #1 (all exceptions, all device chains, are added as RULE #1):
Code:
iptables -t filter -I wlan-out -d 54.240.128.0/18 -j ACCEPT
The default rule number of the I(nsert) command is RULE #1.
When your done with the 'mail-to Kindle' function, take it out again with:
Code:
iptables -t filter -D wlan-out -d 54.240.128.0/18 -j ACCEPT
The D(elete) command removes the first (or only) exactly matching rule.
If wanting to enable this for 3G (also or only) - use the above rules with the substitution of ppp-out for wlan-out (Wifi).
If someone wants to try this out, and report back here - would be nice to know if that is really the 'mail-to Kindle' service.
WARNING: If you keep reading my posts, you will learn more than you probably ever cared to know about Linux network firewalls.