diff --git a/postfix/iptables-input.sls b/postfix/iptables-input.sls
new file mode 100644
index 0000000..9510c6c
--- /dev/null
+++ b/postfix/iptables-input.sls
@@ -0,0 +1,24 @@
+smtp.input:
+  iptables.chain_present:
+    -
+
+tcp:
+  iptables.insert:
+    - table: filter
+    - position: 1
+    - chain: smtp.input
+    - jump: ACCEPT
+    - match: state
+    - connstate: NEW,ESTABLISHED
+    - dport: 25
+    - proto: tcp
+    - save: True
+
+filter:
+  iptables.insert:
+    - table: filter
+    - position: 1
+    - chain: INPUT
+    - jump: smtp.input
+    - save: True
+