Last active
April 8, 2025 01:06
Save Maxopoly/6c925a1f18f9e2f3b9818d1c1582b17e to your computer and use it in GitHub Desktop.
IP tables for Minecraft
#You probably want to do this as root to reduce the number of sudos required
su -
#Install iptables if you haven't already
#Alternatively use the package manager of your choice
apt-get install iptables
#Allow all incoming traffic to begin with
iptables -P INPUT ACCEPT
#Clean out any existing input rules. You may also remove the "INPUT" argument and run only "iptables -F" to clear all chains. When doing so, make sure there are no rules in other chains that you still need (list via "iptables -L"), for example Oracle cloud servers will have preset rules, which should not be removed.
iptables -F INPUT
#Allow all internal (loopback) connections
iptables -A INPUT -i lo -j ACCEPT
#Allow traffic belonging to already established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Allow ssh, adjust port if you run it on non-default
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#Allow minecraft, adjust port if you run it on non-default
iptables -A INPUT -p tcp --dport 25565 -j ACCEPT
#Disallow all input not whitelisted
#DO NOT RUN THIS IF YOU HAVEN'T VERIFIED YOU WHITELISTED SSH, YOU WILL LOCK YOURSELF OUT
iptables -P INPUT DROP
#Block all forwarding
iptables -P FORWARD DROP
#Allow all outgoing
iptables -P OUTPUT ACCEPT
#Save rules, they won't be persisted past restart of the machine otherwise
apt-get install iptables-persistent
#iptables-persistent will load from this file automatically
iptables-save > /etc/iptables/rules.v4
#Note: iptables only filters IPv4, IPv6 traffic is handled separately by ip6tables
#Optional stuff from here on:
#Rules added after the save above are not persisted, re-run the iptables-save line once you are done
#If you have other internal servers for backups etc. you can use this to allow any TCP connections from them
iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT
#Whitelist mumble
iptables -A INPUT -p tcp --dport 64738 -j ACCEPT
iptables -A INPUT -p udp --dport 64738 -j ACCEPT
#Whitelist Jenkins
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
#Whitelist Votifier
iptables -A INPUT -p tcp --dport 8192 -j ACCEPT
iptables -A INPUT -p udp --dport 8192 -j ACCEPT
#Allow ICMP ping (echo-request), this also makes server health check tools from various hosting providers happier
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
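The warning above the `iptables -P INPUT DROP` step can be turned into an automated pre-flight check. The following is an added example, not part of the original gist; the function names `check_port_open` and `report` and both rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the gist. check_port_open PORT reads `iptables -S INPUT`
# output on stdin and succeeds only if an ACCEPT rule for tcp/PORT, open to any
# source and interface, is reached before a rule that drops the traffic.
# Simplification: single --dport rules only, no multiport, no user-defined chains.
check_port_open() {
    port="$1"
    while IFS= read -r line; do
        case "$line" in
            "-A INPUT -j DROP"|"-A INPUT -j REJECT"*) return 1 ;;  # catch-all comes first
            "-A INPUT "*) ;;                                       # ordinary rule, inspect it
            *) continue ;;                                         # -P line or other chain
        esac
        case " $line " in
            *" -s "*|*" -i "*|*" ! "*) continue ;;  # source/interface-limited or negated
        esac
        case " $line " in
            *" -p tcp "*"--dport $port "*)
                case "$line" in
                    *"-j ACCEPT") return 0 ;;
                    *"-j DROP"|*"-j REJECT"*) return 1 ;;  # shadows any later ACCEPT
                esac ;;
        esac
    done
    return 1  # no matching ACCEPT rule found
}

# Constructed sample: the gist's rules as `iptables -S INPUT` prints them.
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT'
# Constructed sample: SSH rule forgotten, only Minecraft is whitelisted.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT'

report() {  # $1 = label, $2 = rule listing
    if printf '%s\n' "$2" | check_port_open 22; then
        echo "$1: SSH whitelisted, INPUT policy can be set to DROP"
    else
        echo "$1: SSH not whitelisted, do NOT set INPUT policy to DROP"
    fi
}
report good "$GOOD_RULES"
report bad "$BAD_RULES"
# On a live host: iptables -S INPUT | check_port_open 22 && iptables -P INPUT DROP
```

The check is deliberately conservative: an SSH rule limited to one source address or interface is treated as not open, since the admin session may arrive from elsewhere.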
Hello there,
We're getting attacks quite frequently.
So I started this project to get a hold on the situation.
It implements parts of your snippet; I would love it if we could improve on that.