maz.b
Member
- Jan 30, 2016
Here are my small iptables rules.
Code:
# Generated by iptables-save v1.4.21 on Tue Jul 26 16:38:18 2016
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2636465121:3091630212927]
#Loopback has no restrictions
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -s 127.0.1.1/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp -m multiport --dports 21,22,80,443,9987,30033,10011,7776,6667,1337,27960,5412,8000 -j ACCEPT
-A INPUT -p udp -m udp -m multiport --dports 22,80,443,9987,30033,10011,7776,6667,1337,27960,5412,8000 -j ACCEPT
-A INPUT -p tcp -m tcp -m multiport --dports 9498,1212,9988,6587,9498,8087,6548,9999 -j ACCEPT
-A INPUT -p udp -m udp -m multiport --dports 9498,1212,9988,6587,9498,8087,6548,9999 -j ACCEPT
-A INPUT -p tcp -m tcp -m multiport --dports 9998,9997,6000,6001,6002,8090 -j ACCEPT
-A INPUT -p udp -m udp -m multiport --dports 9998,9997,6000,6001,6002,8090 -j ACCEPT
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "GFW-INPUT-DROPPED " --log-tcp-options --log-ip-options
-A INPUT -p tcp -m tcp -j DROP
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Jul 26 16:38:18 2016
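A small audit for a ruleset of this kind, as an added example that is not part of the original post: it parses iptables-save text and reports rules that sit after an unconditional terminal rule (and so can never match) and ports listed twice in one multiport match. The function names and the shortened sample chain are constructed for illustration.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample: a shortened iptables-save INPUT chain in the style of the post.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp -m multiport --dports 9498,1212,9988,9498 -j ACCEPT
-A INPUT -p tcp -m tcp -j DROP
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse_rules(text, chain="INPUT"):
    """Yield (line_no, match_tokens, target) for each -A rule of the chain."""
    for no, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)  # handles quoted --log-prefix values
        if tok[:2] == ["-A", chain] and "-j" in tok:
            j = tok.index("-j")
            # Tokens after the target (e.g. --reject-with) are target options, not matches.
            yield no, tok[2:j], tok[j + 1]

def audit(text, chain="INPUT"):
    """Return (line_no, message) findings for one chain of an iptables-save dump."""
    findings = []
    catch_all = None  # line of the first rule with no match criteria and a terminal target
    for no, match, target in parse_rules(text, chain):
        if catch_all is not None:
            findings.append((no, f"unreachable: line {catch_all} already ends the chain"))
            continue
        if "--dports" in match:
            ports = match[match.index("--dports") + 1].split(",")
            dupes = sorted({p for p in ports if ports.count(p) > 1})
            if dupes:
                findings.append((no, "duplicate ports: " + ",".join(dupes)))
        if not match and target in TERMINAL:
            catch_all = no
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```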