godot/mc-perfect
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

more resorces

Browse Source
This commit is contained in:
godot 2024-06-30 21:01:44 +02:00
parent 5fccf81d59
commit e5ee6e131d
2 changed files with 61 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -0,0 +1 @@
To switch user use: su minecraft -s /bin/bash

60
iptables Normal file
View File

@ -0,0 +1,60 @@
# by Maxopoly on github.com/Maxopoly/iptables.rule
#You probably want to do this in root to reduce the amount of sudos required
su -
#Install iptables if you haven't already
#Alternatively use packet manager of your choice
apt-get install iptables
#Allow all incoming traffic to begin with
iptables -P INPUT ACCEPT
#Clean out any existing input rules. You may also remove the "INPUT" argument and run only "iptables -F" to clear all chains. When doing so, make sure there are no rules in other chains that you still need (list via "iptables -L"), for example Oracle cloud servers will have preset rules, which should not be removed.
iptables -F INPUT
#Allow all internal connections
iptables -A INPUT -i lo -j ACCEPT
#Allow continuing setup connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Allow ssh, adjust port if you run it on non-default
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#Allow minecraft, adjust port if you run it on non-default
iptables -A INPUT -p tcp --dport 25565 -j ACCEPT
#Disallow all input not whitelisted
#DO NOT RUN THIS IF YOU HAVEN'T VERIFIED YOU WHITELISTED SSH, YOU WILL LOCK YOURSELF OUT
iptables -P INPUT DROP
#Block all forwarding
iptables -P FORWARD DROP
#Allow all outgoing
iptables -P OUTPUT ACCEPT
#Save rules, they won't be persisted past restart of the machine otherwise
apt-get install iptables-persistent
#iptables-persistent will load from this file automatically
iptables-save > /etc/iptables/rules.v4
#Optional stuff from here on:
#If you have other internal servers for backups etc. you can use this to allow any connections from them
iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT
#Whitelist mumble
iptables -A INPUT -p tcp --dport 64738 -j ACCEPT
iptables -A INPUT -p udp --dport 64738 -j ACCEPT
#Whitelist Jenkins
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
#Whitelist Votifier
iptables -A INPUT -p tcp --dport 8192 -j ACCEPT
iptables -A INPUT -p udp --dport 8192 -j ACCEPT
#Allow ICMP, this also makes server health check tools from various hosting providers happier
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT