@Gjum
Forked from Maxopoly/iptables.rule
Created April 8, 2019 14:23
IP tables for Minecraft
#You probably want to do this as root to reduce the number of sudos required
su -
#Clean out any existing rules and allow incoming traffic to begin with
iptables -P INPUT ACCEPT
iptables -F
#Allow all internal connections
iptables -A INPUT -i lo -j ACCEPT
#Allow continuing setup connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Allow ssh, adjust port if you run it on non-default
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#Allow minecraft, adjust port if you run it on non-default
iptables -A INPUT -p tcp --dport 25565 -j ACCEPT
#Disallow all input not whitelisted
#DO NOT RUN THIS IF YOU HAVEN'T VERIFIED YOU WHITELISTED SSH, YOU WILL LOCK YOURSELF OUT
iptables -P INPUT DROP
#Block all forwarding
iptables -P FORWARD DROP
#Allow all outgoing
iptables -P OUTPUT ACCEPT
#Save the rules, they won't persist past a restart of the machine otherwise
#Use the package manager of your choice instead of apt-get
apt-get install iptables-persistent
#iptables-persistent will load from this file automatically
#Note: these are IPv4 rules only, IPv6 is filtered separately by ip6tables
iptables-save > /etc/iptables/rules.v4
#Optional stuff from here on:
#Rules added after the save above are not persisted until you run iptables-save again
#If you have other internal servers for backups etc. you can use this to allow any connections from them
iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT
#Whitelist mumble
iptables -A INPUT -p tcp --dport 64738 -j ACCEPT
iptables -A INPUT -p udp --dport 64738 -j ACCEPT
#Whitelist Jenkins
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
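
One way to automate the check that the warning before `iptables -P INPUT DROP` asks for, as an added example that is not part of the original gist. The function names, the wrapper and the sample rule listings are constructed for illustration; the listings assume the `iptables -S INPUT` output format.

```shell
#!/bin/sh
# Added example: pre-flight check for the "iptables -P INPUT DROP" step.
# Reads `iptables -S INPUT` output on stdin; returns 0 only if a new TCP
# connection to the given port hits an unconditional ACCEPT before any
# unconditional DROP/REJECT. Rules with extra matches (-s, -i, --state, ...)
# are skipped as "cannot be relied on", which errs on the side of refusing.
input_allows_tcp_port() {
    awk -v port="$1" '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            proto = "any"; dport = "any"; target = ""; conditional = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }  # target options follow
                else if ($i == "-p") proto = $(++i)
                else if ($i == "-m" && $(i + 1) == "tcp") i++
                else if ($i == "--dport") dport = $(++i)
                else conditional = 1
            }
            if (conditional) next
            if (proto != "any" && proto != "tcp") next
            if (dport != "any" && dport != port) next
            if (target == "ACCEPT") { verdict = "allow"; exit }
            if (target == "DROP" || target == "REJECT") { verdict = "block"; exit }
        }
        END { exit (verdict == "allow" ? 0 : 1) }
    '
}

# Hypothetical wrapper: only flips the policy when the check passes (needs root).
drop_input_if_ssh_allowed() {
    iptables -S INPUT | input_allows_tcp_port "${1:-22}" && iptables -P INPUT DROP
}

# Constructed sample: what `iptables -S INPUT` prints after the rules above.
SAMPLE_OK='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT'

# Constructed sample: SSH rule forgotten, only loopback and Minecraft allowed.
SAMPLE_LOCKOUT='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT'

if printf '%s\n' "$SAMPLE_OK" | input_allows_tcp_port 22; then echo "ok: port 22 reachable"; fi
if ! printf '%s\n' "$SAMPLE_LOCKOUT" | input_allows_tcp_port 22; then echo "refuse: DROP would lock out SSH"; fi
```

Pass a different port to the wrapper if sshd listens elsewhere; a source-restricted ACCEPT is deliberately not counted, so the check can refuse a ruleset that would in fact let you in.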