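# Generated by iptables-save v1.4.12 on Tue May 14 22:27:41 2013
# 53 DNS shit
# 80 HTTP
# 443 HTTPS
# 8192 Votifier
# 10220 Our SSH
# 25565:25580 Minecraft stuff
# 465, 3478, 4379, 4380, 5901, 15900, 16000 are also opened below but are not
# described here -- TODO: document what each one is for.
*filter
# Default policy is DROP for INPUT and OUTPUT. Stated in the chain header
# (the canonical place in iptables-save format) instead of via trailing
# "-P" lines; the explicit terminal "-j DROP" rules at the end are kept too.
:INPUT DROP [0:0]
# FORWARD is left at ACCEPT as in the original; if this host does not route
# traffic, DROP would be tighter -- confirm before changing.
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [232:16983]
# Replies to connections we already track are allowed straight away.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Anything to the server from the server is allowed.
-A INPUT -i lo -j ACCEPT
# Drop broken shit.
# "-m state" is the legacy alias of "-m conntrack"; one module is used
# throughout for consistency with the rule above.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Max of 12 bursts of incoming pings per second. Excess pings fall through to
# the terminal INPUT DROP.
-A INPUT -p icmp -m icmp --icmp-type any -m limit --limit 12/sec -j ACCEPT
# Max of 50 concurrent port-80 connections per source /24 (connlimit-mask 24);
# above that, reply with LOLNO (TCP reset).
# This rule MUST precede the plain port-80 ACCEPT below: in the original it
# came after it, so the ACCEPT matched first and the limit never fired.
-A INPUT -p tcp -m tcp --dport 80 -m connlimit --connlimit-above 50 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
# Accept anything coming in to these ports.
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8192 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10220 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 15900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 16000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25565:25580 -j ACCEPT
# 4380 is UDP. The original line read "-p tcp -m udp", which iptables-restore
# rejects (the udp match requires -p udp); the OUTPUT rules for 4380 are UDP,
# so that is presumably what was meant -- confirm.
-A INPUT -p udp -m udp --dport 4380 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
# Max of 12 bursts of outgoing pings per second.
-A OUTPUT -p icmp -m icmp --icmp-type any -m limit --limit 12/sec -j ACCEPT
# Accept anything going out to one of these ports.
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 5901 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 8192 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 10220 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 15900 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 16000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25565:25580 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 3478 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 4379 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 4380 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 10220 -j ACCEPT
# Accept anything going out from one of these ports.
# NOTE: replies to accepted inbound connections are already covered by the
# RELATED,ESTABLISHED rule further down. These --sport rules additionally let
# NEW outbound connections through whenever the local source port happens to
# be one of these. Kept as in the original -- confirm that is intended.
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 5901 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 8192 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 10220 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 15900 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 16000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 25565:25580 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 3478 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 4379 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 4380 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 10220 -j ACCEPT
# Anything from the server to the server is allowed.
-A OUTPUT -o lo -j ACCEPT
# Naemr said it's some DNS thing.
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Drop and log broken shit.
# The original comment promised logging but had no LOG rule; a rate-limited
# LOG is added so the kernel log actually shows what was dropped.
-A OUTPUT -m conntrack --ctstate INVALID -m limit --limit 5/min -j LOG --log-prefix "OUTPUT INVALID: "
-A OUTPUT -m conntrack --ctstate INVALID -j DROP
# Terminal rules: anything not explicitly accepted above is dropped.
-A INPUT -j DROP
-A OUTPUT -j DROP
COMMIT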