
Untitled

a guest
Mar 6th, 2015
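  1. # Generated by iptables-save v1.4.12 on Tue May 14 22:27:41 2013
  2. # Ports referenced by the rules below:
  3. # 53 DNS
  4. # 80 HTTP
  5. # 443 HTTPS (outbound only; no INPUT rule in this table opens 443)
  6. # 8192 Votifier
  7. # 10220 Our SSH
  8. # 25565:25580 Minecraft stuff
  9. # 5901, 15900, 16000 (tcp) and 4380 (udp) are opened inbound as well but were not listed here.
  10. # NOTE(review): 5901 is the conventional port for VNC display :1; if that is what listens there, restrict it with -s to known addresses or reach it through the SSH port rather than accepting every source - confirm what these undocumented ports serve.
  11. *filter
  12. # Chains are declared with an ACCEPT policy and switched to DROP by the -P lines at the end of the table.
  13. # NOTE(review): FORWARD stays at ACCEPT with no rules; if this host does not route traffic, a DROP policy is the safer default - confirm.
  14. :INPUT ACCEPT [0:0]
  15. :FORWARD ACCEPT [0:0]
  16. :OUTPUT ACCEPT [232:16983]
  17. # Packets belonging to, or related to, connections that are already tracked.
  18. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  19. # Anything to the server from the server is allowed.
  20. -A INPUT -i lo -j ACCEPT
  21. # Drop packets that connection tracking marks INVALID.
  22. -A INPUT -m state --state INVALID -j DROP
  23. # Incoming ICMP: --limit 12/sec is an average rate (the burst defaults to 5 when --limit-burst is not given); packets over the limit fall through to the final DROP.
  24. -A INPUT -p icmp -m icmp --icmp-type any -m limit --limit 12/sec -j ACCEPT
  25. # Cap HTTP at 50 concurrent connections per source /24: --connlimit-mask 24 groups clients by network, so every address in the same /24 shares the limit. Excess connections get a TCP reset.
  26. # This rule must sit above the port 80 ACCEPT. Rules are evaluated top-down and the first terminating match wins, so when it was placed below the ACCEPT it was never reached.
  27. -A INPUT -p tcp -m tcp --dport 80 -m connlimit --connlimit-above 50 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
  28. # Accept anything coming in to these ports.
  29. -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
  30. -A INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
  31. -A INPUT -p tcp -m tcp --dport 8192 -j ACCEPT
  32. -A INPUT -p tcp -m tcp --dport 10220 -j ACCEPT
  33. -A INPUT -p tcp -m tcp --dport 15900 -j ACCEPT
  34. -A INPUT -p tcp -m tcp --dport 16000 -j ACCEPT
  35. -A INPUT -p tcp -m tcp --dport 25565:25580 -j ACCEPT
  36. # UDP 4380. This rule was written as "-p tcp -m udp"; the udp match is only valid on a udp rule, so the table would be expected to fail to load. The OUTPUT rules treat 4380 as UDP, so -p udp is assumed here - confirm.
  37. -A INPUT -p udp -m udp --dport 4380 -j ACCEPT
  38. # Inbound DNS. NOTE(review): only needed if this host answers DNS queries for others; replies to its own lookups are already accepted by the RELATED,ESTABLISHED rule at the top of INPUT.
  39. -A INPUT -p udp --dport 53 -j ACCEPT
  40. -A INPUT -p tcp --dport 53 -j ACCEPT
  41. # Outgoing ICMP, same 12/sec average rate as inbound.
  42. -A OUTPUT -p icmp -m icmp --icmp-type any -m limit --limit 12/sec -j ACCEPT
  43. # Accept anything going out to one of these ports.
  44. -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
  45. -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
  46. -A OUTPUT -p tcp -m tcp --dport 465 -j ACCEPT
  47. -A OUTPUT -p tcp -m tcp --dport 5901 -j ACCEPT
  48. -A OUTPUT -p tcp -m tcp --dport 8192 -j ACCEPT
  49. -A OUTPUT -p tcp -m tcp --dport 10220 -j ACCEPT
  50. -A OUTPUT -p tcp -m tcp --dport 15900 -j ACCEPT
  51. -A OUTPUT -p tcp -m tcp --dport 16000 -j ACCEPT
  52. -A OUTPUT -p tcp -m tcp --dport 25565:25580 -j ACCEPT
  53. -A OUTPUT -p udp -m udp --dport 3478 -j ACCEPT
  54. -A OUTPUT -p udp -m udp --dport 4379 -j ACCEPT
  55. -A OUTPUT -p udp -m udp --dport 4380 -j ACCEPT
  56. -A OUTPUT -p udp -m udp --dport 10220 -j ACCEPT
  57. # Accept anything going out from one of these ports.
  58. # NOTE(review): replies sent by local services are also matched by the RELATED,ESTABLISHED rule further down. These --sport rules match on source port alone, without regard to connection state, so they weaken the egress filter - consider removing them.
  59. -A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
  60. -A OUTPUT -p tcp -m tcp --sport 5901 -j ACCEPT
  61. -A OUTPUT -p tcp -m tcp --sport 8192 -j ACCEPT
  62. -A OUTPUT -p tcp -m tcp --sport 10220 -j ACCEPT
  63. -A OUTPUT -p tcp -m tcp --sport 15900 -j ACCEPT
  64. -A OUTPUT -p tcp -m tcp --sport 16000 -j ACCEPT
  65. -A OUTPUT -p tcp -m tcp --sport 25565:25580 -j ACCEPT
  66. -A OUTPUT -p udp -m udp --sport 3478 -j ACCEPT
  67. -A OUTPUT -p udp -m udp --sport 4379 -j ACCEPT
  68. -A OUTPUT -p udp -m udp --sport 4380 -j ACCEPT
  69. -A OUTPUT -p udp -m udp --sport 10220 -j ACCEPT
  70. # Anything from the server to the server is allowed.
  71. -A OUTPUT -o lo -j ACCEPT
  72. # DNS: packets to port 53 (lookups made by this host) and packets from port 53 (what a DNS server on this host would send).
  73. -A OUTPUT -p udp --dport 53 -j ACCEPT
  74. -A OUTPUT -p tcp --dport 53 -j ACCEPT
  75. -A OUTPUT -p udp --sport 53 -j ACCEPT
  76. -A OUTPUT -p tcp --sport 53 -j ACCEPT
  77. -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  78. # Drop INVALID packets. Nothing is logged: this table contains no LOG rule, so dropped traffic leaves no trace for later review.
  79. -A OUTPUT -m state --state INVALID -j DROP
  80. # Explicit catch-all drops, followed by DROP as the policy of both chains.
  81. -A INPUT -j DROP
  82. -A OUTPUT -j DROP
  83. -P INPUT DROP
  84. -P OUTPUT DROP
  85. COMMIT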