And I'm running Debian 7 on a VPS.
This is my current iptables script:
#!/bin/sh
### BEGIN INIT INFO
### END INIT INFO
IPTABLES_MODULES="ip_conntrack_ftp"
IPT=/sbin/iptables
case "$1" in
  start)
    echo "Starting iptables"
    # Allow incoming SSH only from a specific IP
    $IPT -A INPUT -i venet0 -p tcp -s 176.114.248.130 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
    # Allow incoming HTTP
    $IPT -A INPUT -i venet0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    # Allow incoming HTTPS
    $IPT -A INPUT -i venet0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
    # UrT Port
    $IPT -A INPUT -i venet0 -p udp -m udp --dport 27960 -j ACCEPT
    $IPT -A INPUT -i venet0 -p udp -m udp --dport 27950 -j ACCEPT
    $IPT -A INPUT -i venet0 -p udp -m udp --dport 27952 -j ACCEPT
    # Ping from outside to inside
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # Prevent DoS attack on port 80
    $IPT -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
    # OUTPUT
    $IPT -A OUTPUT -j ACCEPT
    # DROP on interface venet0
    $IPT -A INPUT -i venet0 -j DROP
    $IPT -A FORWARD -i venet0 -j DROP
    ;;
  stop)
    echo "Stopping iptables"
    $IPT -F
    $IPT -X
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    ;;
  *)
    echo "Usage: /etc/init.d/iptables {start|stop}"
    exit 1
    ;;
esac
exit 0
iptables -L looks like this:
root@myvps:/home/urt# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 176.114.248.130 anywhere tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:27960
ACCEPT udp -- anywhere anywhere udp dpt:27950
ACCEPT udp -- anywhere anywhere udp dpt:27952
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:http limit: avg 25/min burst 100
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
And this is what happens when I start the UrT server:
-----------------------------------
auth: resolving authserver address
auth: authserver has no IPv4 address.
InitAuth: \auth\0\auth_status\init\auth_cheaters\1\auth_tags\1\auth_notoriety\0\auth_groups\\auth_verbosity\1
auth: sending heartbeat
broadcast: print "Server: g_noVest changed to 0\n"
^3WARNING: g_noVest can be used only in Jump mode
broadcast: print "Server: auth changed to 1\n"
broadcast: print "Server: auth_status changed to public\n"
-----------------------------------
Hitch warning: 903 msec frame time
auth: sending heartbeat
Resolving master.urbanterror.info
Couldn't resolve address: master.urbanterror.info
Resolving master2.urbanterror.info
Couldn't resolve address: master2.urbanterror.info
Resolving master.quake3arena.com
Couldn't resolve address: master.quake3arena.com
Hitch warning: 100549 msec frame time
Thanks
This post has been edited by gangofkittens: 17 May 2015 - 10:20 AM
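A rebuilt version of the posted ruleset, added here as an example and not the poster's script or anything from the Urban Terror project. It keeps the same interface, admin address and ports, but adds the rule the posted INPUT chain lacks (accepting replies to connections the host itself opens, so answers from an external resolver no longer hit the final DROP) and moves the port-80 rate limit ahead of the unconditional ACCEPT that currently shadows it in the iptables -L output. The names IPT, IFACE, ADMIN_IP, build_rules and dry_run are chosen for this example; by default it prints the rules rather than applying them.

```shell
#!/bin/sh
# Added example (not the poster's script): the same policy rebuilt so that
# replies to the host's own outbound traffic are accepted and the port-80
# rate limit is consulted before the unconditional ACCEPT.
# IPT, IFACE and ADMIN_IP are assumed names; ADMIN_IP and the ports come
# from the posted script.
IPT="${IPT:-/sbin/iptables}"
IFACE=venet0
ADMIN_IP=176.114.248.130

build_rules() {
    # Default-deny policies replace the trailing "-A INPUT -i venet0 -j DROP".
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Loopback, then replies to connections this host opened (DNS lookups of
    # master.urbanterror.info, the auth server). The posted chain has no such
    # rule, so an external resolver's answers hit the final DROP.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # SSH only from the admin address.
    $IPT -A INPUT -i "$IFACE" -p tcp -s "$ADMIN_IP" --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    # HTTP: limit new connections first; excess new connections are dropped.
    # In the posted chain the limit rule sits after "dpt:http ACCEPT" and never matches.
    $IPT -A INPUT -i "$IFACE" -p tcp --dport 80 -m conntrack --ctstate NEW \
        -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
    $IPT -A INPUT -i "$IFACE" -p tcp --dport 80 -m conntrack --ctstate NEW -j DROP
    $IPT -A INPUT -i "$IFACE" -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
    # Urban Terror game and query ports (UDP) from the posted script.
    for port in 27960 27950 27952; do
        $IPT -A INPUT -i "$IFACE" -p udp --dport "$port" -j ACCEPT
    done
    # Ping, rate-limited rather than unconditional.
    $IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
}

# Print the rules instead of applying them (no root needed).
dry_run() {
    ( IPT="echo iptables"; build_rules )
}

case "${1:-}" in
    apply) build_rules ;;   # run as root on the VPS
    *) dry_run ;;
esac
```

Run it with no arguments to review the generated rules; "apply" installs them, which needs root and flushes the existing chains first.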