Thread: iptables rules

  1. #1
    Join Date
    February 2015
    Posts
    1

    iptables rules

    Hey, I have a VPS where I want to have only the TeamSpeak 3 service installed, so I decided to close all ports and open only those that are needed. These are my iptables rules; could you look at them and say whether the rules are good, whether something is missing, or whether something can be added?

    Code:
    # FLUSH ALL RULES
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    
    # TS3
    iptables -I INPUT -p udp --dport 9987 -j ACCEPT
    iptables -I INPUT -p udp --sport 9987 -j ACCEPT
    
    iptables -I INPUT -p tcp --dport 30033 -j ACCEPT
    iptables -I INPUT -p tcp --sport 30033 -j ACCEPT
    
    iptables -I INPUT -p tcp --dport 10011 -j ACCEPT
    iptables -I INPUT -p tcp --sport 10011 -j ACCEPT
    
    # SSH
    iptables -I INPUT -p tcp --dport 22 -j ACCEPT
    iptables -I INPUT -p tcp --sport 22 -j ACCEPT
    
    # DNS
    iptables -I INPUT -p udp --dport 53 -j ACCEPT
    iptables -I INPUT -p udp --sport 53 -j ACCEPT

  2. #2
    Join Date
    September 2012
    Posts
    6,076
    Please see this FAQ Entry.
    When sending PMs please make sure to include a reference link to the thread in question in the body of your message.

  3. #3
    Join Date
    December 2004
    Location
    RF
    Posts
    3,002
    Quote Originally Posted by vVaslenko View Post
    Hey, I have a VPS where I want to have only the TeamSpeak 3 service installed, so I decided to close all ports and open only those that are needed. These are my iptables rules; could you look at them and say whether the rules are good, whether something is missing, or whether something can be added?

    Code:
    # FLUSH ALL RULES
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -P INPUT ACCEPT
    After this line, everything is meaningless.

  4. #4
    Join Date
    May 2006
    Location
    Europe/Czech Rep.
    Posts
    1,616
    Quote Originally Posted by ANR Daemon View Post
    After this line, everything is meaningless.
    What ANR wanted to say is that
    Code:
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    After this, everything is allowed (in and out). It almost doesn't matter what rules allowing specific connections you put there.

    So effectively, you didn't close any port at all on the firewall with your script.

    Gentle reminder: what you are asking is not TeamSpeak 3 specific at all. This is an operating-system question. If you use Ubuntu, there are the Ubuntu forums, etc.

  5. #5
    Join Date
    February 2015
    Posts
    4
    Code:
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    That code is pretty much saying accept anything and everything from anywhere.

    Code:
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    This code is pretty much saying DENY anything and everything from anywhere. BUT you can still output to anything.

    When I set up a server, I'll input the ports I want open, then drop everything:
    Code:
    # flush
    sudo iptables -t nat -F
    sudo iptables -t nat -X
    sudo iptables -t mangle -F
    sudo iptables -t mangle -X
    
    # Teamspeak
    sudo iptables -A INPUT -p udp --dport 9987 -j ACCEPT
    sudo iptables -A INPUT -p udp --sport 9987 -j ACCEPT
    
    sudo iptables -A INPUT -p tcp --dport 30033 -j ACCEPT
    sudo iptables -A INPUT -p tcp --sport 30033 -j ACCEPT
    
    sudo iptables -A INPUT -p tcp --dport 10011 -j ACCEPT
    sudo iptables -A INPUT -p tcp --sport 10011 -j ACCEPT
    
    # HTTP(s)
    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    sudo iptables -A INPUT -p tcp --sport 80 -j ACCEPT
    
    sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    sudo iptables -A INPUT -p tcp --sport 443 -j ACCEPT
    
    # SSH
    sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    sudo iptables -A INPUT -p tcp --sport 22 -j ACCEPT
    
    # DNS
    sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
    sudo iptables -A INPUT -p udp --sport 53 -j ACCEPT
    
    #SECURE
    sudo iptables -P INPUT DROP
    sudo iptables -P FORWARD DROP
    sudo iptables -P OUTPUT ACCEPT
    
    sudo service iptables save
    sudo service iptables restart
    (Excuse the crossover to Ubuntu 14, but it's what I have saved.)

  6. #6
    Join Date
    December 2004
    Location
    RF
    Posts
    3,002
    When will you start using iptables-save/-restore already?
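Pulling posts #4, #5 and #6 together, the following is an added example, not code from the thread or from any of its posters. It generates a minimal ruleset for a TeamSpeak 3 host in iptables-save format so it can be reviewed first and then loaded atomically with iptables-restore, as post #6 suggests, instead of being applied rule by rule. The ports are the ones named in the thread (9987/udp, 30033/tcp, 10011/tcp, 22/tcp); SSH_ALLOW_FROM, the log prefix and the rate limit are assumptions. It sets the DROP policies post #5 describes, but in place of the per-port --sport rules it accepts return traffic via the conntrack ESTABLISHED,RELATED state, because an INPUT rule keyed on source port admits any packet whose sender chooses that source port. Inbound 53/udp is left out: a TS3-only host resolves names rather than serving them, and DNS answers come back through the conntrack rule.

```shell
#!/bin/sh
# Added example (not from the thread): emit a minimal TeamSpeak 3 host
# ruleset in iptables-save format for review, then optionally load it
# atomically with `iptables-restore` (APPLY=1, needs root).
# SSH_ALLOW_FROM is an assumed knob; tighten it to your admin IP/CIDR.
SSH_ALLOW_FROM="${SSH_ALLOW_FROM:-0.0.0.0/0}"

build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is needed by local services (e.g. talking to the query port locally)
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened (DNS answers, package mirrors, ...);
# this replaces accepting inbound traffic by source port, which would admit
# any packet whose sender simply picked that source port
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# TeamSpeak 3: voice (UDP), file transfer (TCP) and ServerQuery (TCP)
-A INPUT -p udp --dport 9987 -j ACCEPT
-A INPUT -p tcp --dport 30033 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 10011 -m conntrack --ctstate NEW -j ACCEPT
# SSH, optionally restricted to an admin source range
-A INPUT -p tcp -s ${SSH_ALLOW_FROM} --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# everything else falls through to the DROP policy; log a sample of it first
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP: "
COMMIT
EOF
}

# Review helper: number of rules that accept by *source* port (should be 0).
sport_rule_count() {
    build_ruleset | grep -c -- '--sport' || true
}

if [ "${APPLY:-0}" = "1" ]; then
    # Load the whole table in one transaction; a syntax error rejects it entirely.
    build_ruleset | iptables-restore
else
    # Default: just print the ruleset so it can be inspected or diffed.
    build_ruleset
fi
```

Run it without APPLY to print and inspect the ruleset (`./ts3-rules.sh > /etc/iptables/rules.v4`, for example), and with `APPLY=1` as root to load it; because iptables-restore replaces the filter table in one step, there is no window where the policy is DROP but the ACCEPT rules are not yet in place, and the old "ACCEPT policy makes the rest meaningless" mistake from post #1 cannot happen.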
