  #3  
Old 07-14-2012, 05:02 AM
Hool
Updated iptables

This is an updated iptables that allows local connections (192.168.1.0/24 assumed) to FTP (vsftpd), Webmin, and Samba, as well as the ports needed to allow remote access to your EQEmulator and Apache. Also includes some protection against DDoS to port 80.

I would have updated the previous post, but it will not allow me to edit.

Code:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -s 192.168.1.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -s 192.168.1.0/24 --dport 10000 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 10000 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -s 192.168.1.0/24 --dport 10000 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p udp --sport 10000 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -s 192.168.1.0/24 --dport 8888 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 8888 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -s 192.168.1.0/24 --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 20 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -s 192.168.1.0/24 --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p udp --sport 20 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -s 192.168.1.0/24 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -s 192.168.1.0/24 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p udp --sport 21 -m state --state ESTABLISHED -j ACCEPT
# Port 80: no unconditional ACCEPT for NEW connections here. Rules are matched in
# order, so one would match first and the rate-limited rule below would never apply.
-A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --dports 5998,5999,7000:7100,7778,7779,9080,9000 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m multiport --sports 5998,5999,7000:7100,7778,7779,9080,9000 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m multiport --dports 5998,5999,7000:7100,7778,7779,9080,9000 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p udp -m multiport --sports 5998,5999,7000:7100,7778,7779,9080,9000 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -s 192.168.1.0/24 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
-A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
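
Added example, not part of the original post: iptables stops at the first terminating rule that matches, so a `-m limit` rule only throttles traffic that no earlier rule has already accepted. The Python check below looks for that ordering problem in a ruleset in iptables-save format; the sample rules are constructed and the function names are this example's own.

```python
# Added example; assumes iptables-save format, one table, no "!" negation.
# Constructed sample: port-80 rules in an order where the limit rule comes last.
SAMPLE = """\
*filter
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

FLAGS = {"-i": "iface", "-p": "proto", "-s": "src", "--dport": "ports",
         "--dports": "ports", "--state": "states", "--limit": "limit", "-j": "target"}

def ports(spec):  # '80' or '5998,7000:7100' -> set of port numbers
    pairs = (p.partition(":") for p in spec.split(","))
    return {n for lo, _, hi in pairs for n in range(int(lo), int(hi or lo) + 1)}

def parse_rule(line):
    """Return the fields this check uses, or None for non-rule lines."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rule = dict(dict.fromkeys(FLAGS.values()), chain=tok[1], text=line.strip())
    for flag, value in zip(tok[2:], tok[3:]):
        key = FLAGS.get(flag)
        if key:
            rule[key] = (ports(value) if key == "ports" else
                         set(value.split(",")) if key == "states" else value)
    return rule

def covers(early, late):
    """True if `early` accepts every NEW packet that `late` could match."""
    same = all(early[k] in (None, late[k]) for k in ("iface", "proto", "src"))
    ports_ok = early["ports"] is None or bool(late["ports"]) and late["ports"] <= early["ports"]
    new_ok = early["states"] is None or "NEW" in early["states"]
    plain_accept = early["target"] == "ACCEPT" and not early["limit"]
    return early["chain"] == late["chain"] and plain_accept and same and ports_ok and new_ok

def dead_limit_rules(ruleset):
    """Return (limit_rule, shadowing_rule) pairs in ruleset order."""
    rules = [r for r in map(parse_rule, ruleset.splitlines()) if r]
    return [(late["text"], early["text"]) for i, late in enumerate(rules)
            if late["limit"] for early in rules[:i] if covers(early, late)]

if __name__ == "__main__":
    for limited, earlier in dead_limit_rules(SAMPLE):
        print(f"unreachable: {limited}\n  because of: {earlier}")
```

The comparison is strict: the `-i eth0` rule is not reported because the limit rule names no interface, although on a host whose only external interface is eth0 it has the same effect.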