diff --git a/README.md b/README.md
index e69de29..8189daf 100644
--- a/README.md
+++ b/README.md
@@ -0,0 +1 @@
+To switch user use: su minecraft -s /bin/bash
diff --git a/iptables b/iptables
new file mode 100644
index 0000000..742ade4
--- /dev/null
+++ b/iptables
@@ -0,0 +1,60 @@
+# by Maxopoly on github.com/Maxopoly/iptables.rule
+
+#You probably want to do this in root to reduce the amount of sudos required
+su -
+
+#Install iptables if you haven't already
+#Alternatively use packet manager of your choice
+apt-get install iptables
+
+#Allow all incoming traffic to begin with
+iptables -P INPUT ACCEPT
+#Clean out any existing input rules. You may also remove the "INPUT" argument and run only "iptables -F" to clear all chains. When doing so, make sure there are no rules in other chains that you still need (list via "iptables -L"), for example Oracle cloud servers will have preset rules, which should not be removed.
+iptables -F INPUT
+
+#Allow all internal connections
+iptables -A INPUT -i lo -j ACCEPT
+
+#Allow continuing setup connections
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+#Allow ssh, adjust port if you run it on non-default
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+
+#Allow minecraft, adjust port if you run it on non-default
+iptables -A INPUT -p tcp --dport 25565 -j ACCEPT
+
+#Disallow all input not whitelisted
+#DO NOT RUN THIS IF YOU HAVEN'T VERIFIED YOU WHITELISTED SSH, YOU WILL LOCK YOURSELF OUT
+iptables -P INPUT DROP
+
+#Block all forwarding
+iptables -P FORWARD DROP
+
+#Allow all outgoing
+iptables -P OUTPUT ACCEPT
+
+#Save rules, they won't be persisted past restart of the machine otherwise
+apt-get install iptables-persistent
+#iptables-persistent will load from this file automatically
+iptables-save > /etc/iptables/rules.v4
+
+
+#Optional stuff from here on:
+
+#If you have other internal servers for backups etc. you can use this to allow any connections from them
+iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT
+
+#Whitelist mumble
+iptables -A INPUT -p tcp --dport 64738 -j ACCEPT
+iptables -A INPUT -p udp --dport 64738 -j ACCEPT
+
+#Whitelist Jenkins
+iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
+
+#Whitelist Votifier
+iptables -A INPUT -p tcp --dport 8192 -j ACCEPT
+iptables -A INPUT -p udp --dport 8192 -j ACCEPT
+
+#Allow ICMP, this also makes server health check tools from various hosting providers happier
+iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
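Review bot: The default-deny set by `iptables -P INPUT DROP` covers only the IPv4 stack; `ip6tables` keeps its built-in ACCEPT policy, so on a host that has a global IPv6 address every listener bound to `::` (which sshd and the Minecraft server do unless configured otherwise) remains reachable over IPv6 after this runbook is followed. Mirror the policy and the whitelist with `ip6tables`, keeping ICMPv6 open since neighbor discovery runs over it and a blanket DROP would break IPv6 connectivity on the host itself, and persist the result to `/etc/iptables/rules.v6`, which iptables-persistent loads alongside rules.v4. Separately, everything after `#Optional stuff from here on:` is appended after `iptables-save > /etc/iptables/rules.v4` has already run, so a reader who follows the file top to bottom loses those rules on reboot; a line such as `#Re-run iptables-save (and ip6tables-save) after adding any of the rules below` at the top of that section would prevent it. `-m state --state` is the legacy match; `-m conntrack --ctstate ESTABLISHED,RELATED` is the current form and behaves the same here.
```shell
# … unchanged: IPv4 policy, whitelist and iptables-save …

#iptables only affects IPv4; repeat the policy for IPv6 or the same ports stay open over v6
ip6tables -P INPUT ACCEPT
ip6tables -F INPUT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#Neighbor discovery is ICMPv6; dropping it breaks IPv6 on this host entirely
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 25565 -j ACCEPT
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT ACCEPT
#iptables-persistent loads this file too
ip6tables-save > /etc/iptables/rules.v6

# … unchanged: optional rules …
```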