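#!/usr/bin/env bash
# by Maxopoly on github.com/Maxopoly/iptables.rule
#
# Builds a default-deny IPv4 INPUT chain for a Minecraft host: loopback,
# established/related traffic, ssh (from one source network) and the
# Minecraft port are accepted, every other inbound packet is dropped,
# forwarding is dropped and outbound traffic is unrestricted. The final
# ruleset is written to the file iptables-persistent loads at boot.
#
# Usage (as root):
#   bash iptables.rule
# Ports, the ssh source network and the optional whitelists are taken from
# environment variables, e.g.
#   SSH_SOURCE=203.0.113.0/24 ALLOW_MUMBLE=1 bash iptables.rule
#
# NOTE: only IPv4 (iptables) is configured here. ip6tables and
# /etc/iptables/rules.v6 are not touched, so IPv6 INPUT keeps whatever
# policy the host already has.
set -euo pipefail

# --- settings, adjust before running ----------------------------------------
# ssh port; change it if sshd listens elsewhere.
readonly SSH_PORT=${SSH_PORT:-22}
# Only this source network may reach ssh. It MUST cover the address you
# administer from (0.0.0.0/0 means anywhere); once the DROP policy is set,
# ssh from any other address is silently dropped and you are locked out.
readonly SSH_SOURCE=${SSH_SOURCE:-172.18.42.0/24}
readonly MINECRAFT_PORT=${MINECRAFT_PORT:-25565}
# iptables-persistent loads this file automatically at boot.
readonly RULES_FILE=/etc/iptables/rules.v4

# --- optional whitelists, empty / 0 means "do not add" ----------------------
# Space-separated IPs of internal servers (backups etc.) allowed on any tcp port.
readonly BACKUP_HOSTS=${BACKUP_HOSTS:-}
readonly ALLOW_MUMBLE=${ALLOW_MUMBLE:-0}     # tcp+udp 64738
readonly ALLOW_JENKINS=${ALLOW_JENKINS:-0}   # tcp 8080
readonly ALLOW_VOTIFIER=${ALLOW_VOTIFIER:-0} # tcp+udp 8192
# ICMP echo-request; also keeps hosting providers' health checks happy.
readonly ALLOW_ICMP=${ALLOW_ICMP:-0}

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Everything below needs root. The original notes ran "su -" first; inside a
# script that only opens an interactive shell, so check the uid instead.
[[ "$(id -u)" -eq 0 ]] || die "run this as root (e.g. su - first)"

# Install iptables if you haven't already; use the package manager of your choice.
apt-get install iptables

# Allow all incoming traffic to begin with, so the flush below cannot cut
# off the session we are working from.
iptables -P INPUT ACCEPT
# Clean out existing INPUT rules only. Dropping the "INPUT" argument
# ("iptables -F") clears every chain; list them first with "iptables -L"
# and make sure nothing you still need goes away -- e.g. Oracle Cloud
# servers ship preset rules that should not be removed.
iptables -F INPUT

# Allow all internal (loopback) connections.
iptables -A INPUT -i lo -j ACCEPT
# Allow replies to connections this host opened, and related traffic.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow ssh, restricted to SSH_SOURCE.
iptables -A INPUT -p tcp --dport "$SSH_PORT" --source "$SSH_SOURCE" -j ACCEPT
# Allow minecraft.
iptables -A INPUT -p tcp --dport "$MINECRAFT_PORT" -j ACCEPT

# Optional whitelists. They are added BEFORE the policy flip and the save so
# that they end up in RULES_FILE; anything appended after iptables-save
# would be lost on the next restart.
# shellcheck disable=SC2086 -- BACKUP_HOSTS is intentionally split on spaces
for host in $BACKUP_HOSTS; do
  iptables -A INPUT -p tcp -s "$host" -j ACCEPT
done
if [[ "$ALLOW_MUMBLE" == 1 ]]; then
  iptables -A INPUT -p tcp --dport 64738 -j ACCEPT
  iptables -A INPUT -p udp --dport 64738 -j ACCEPT
fi
if [[ "$ALLOW_JENKINS" == 1 ]]; then
  iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
fi
if [[ "$ALLOW_VOTIFIER" == 1 ]]; then
  iptables -A INPUT -p tcp --dport 8192 -j ACCEPT
  iptables -A INPUT -p udp --dport 8192 -j ACCEPT
fi
if [[ "$ALLOW_ICMP" == 1 ]]; then
  iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
fi

# Disallow all input not whitelisted.
# DO NOT RUN THIS IF YOU HAVEN'T VERIFIED YOU WHITELISTED SSH (port and
# source network above), YOU WILL LOCK YOURSELF OUT. Under "set -e" any
# failed rule above aborts the script before this point, leaving the
# ACCEPT policy in place.
iptables -P INPUT DROP
# Block all forwarding.
iptables -P FORWARD DROP
# Allow all outgoing.
iptables -P OUTPUT ACCEPT

# Save rules; they won't be persisted past a restart of the machine otherwise.
apt-get install iptables-persistent
# iptables-persistent will load from this file automatically.
iptables-save > "$RULES_FILE"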