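#!/bin/sh
# Rebuild the IPv4 filter rules for this host: flush the existing rules,
# re-add the INPUT/OUTPUT rules below, set the INPUT policy to DROP, then
# save the result to /etc/sysconfig/iptables and restart iptables.service.
#
# Rule order matters: -A appends to the end of a chain, -I inserts at the top.
# Rules are applied one command at a time, not atomically, and a failing
# iptables call does not stop the script.
#
# Only iptables (IPv4) is configured here; nothing in this script touches
# ip6tables. NOTE(review): if the host has IPv6 connectivity, confirm it is
# filtered elsewhere.

# Remove every rule in the filter table. Chain policies are left as they were.
iptables -F

# Drop malformed TCP: no flags set (NULL scan), NEW connections that do not
# start with SYN, and all flags set (XMAS scan).
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# Loopback traffic is always allowed.
iptables -A INPUT -i lo -j ACCEPT

# Public TCP services, open to any source.
# NOTE(review): in the flattened source a lone '#' precedes the port 25 rule.
# It is read here as a separator line (commented-out rules elsewhere are
# written '#iptables' with no space), so the rule is active. Confirm port 25
# was not meant to be disabled.
for port in 25 80 443; do
  iptables -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
done
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
# 143 = IMAP, 993 = IMAP over TLS (labels from the original comments).
for port in 110 143 465 585 587 993 995 1110 2221; do
  iptables -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
done

# NOTE(review): 50 and 51 are the IP protocol numbers of ESP and AH. If IPsec
# was the intent, the match would be '-p esp' / '-p ah' rather than UDP
# destination ports. Confirm what actually listens on UDP 50/51.
for port in 50 51; do
  iptables -A INPUT -p udp -m udp --dport "$port" -j ACCEPT
done
iptables -A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT

# NOTE(review): 10000 is Webmin's default port, and these rules have no source
# restriction. The empty '# Webmin' section further down suggests one was
# planned. Confirm these should be reachable from anywhere.
for port in 10000 10001; do
  iptables -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
done

# Cluster Servers
# Fix: the original used '-i tcp', which matches only traffic arriving on an
# interface literally named "tcp", so these rules never took effect. '-p tcp'
# is the protocol match.
# NOTE(review): now that they match, each rule allows every TCP port from a
# whole /24. The SSH section lists single hosts inside most of these ranges;
# consider narrowing these rules to those host addresses and required ports.
#iptables -A INPUT -p tcp -s 68.99.70.0/24 -j ACCEPT
for net in \
  68.15.115.0/24 \
  91.186.174.0/24 \
  213.198.106.0/24 \
  204.42.156.0/24 \
  104.236.6.0/24 \
  128.199.194.0/24 \
  128.199.221.0/24 \
  128.199.92.0/24 \
  162.243.143.0/24 \
  178.62.125.0/24 \
  178.62.190.0/24 \
  188.166.34.0/24 \
  192.241.205.0/24
do
  iptables -A INPUT -p tcp -s "$net" -j ACCEPT
done

#############################################################################################
#DROP
#############################################################################################
# Deny list. -I puts each entry at the top of INPUT, ahead of the ACCEPT
# rules appended above. The ESTABLISHED,RELATED rule inserted at the end of
# this script lands above these entries, so connections already tracked when
# the script runs are not cut off by them.
#iptables -I INPUT -s 1.2.3.4 -j DROP
for blocked in \
  134.249.50.231 \
  178.137.18.186 \
  37.115.191.164 \
  52.36.151.32 \
  66.249.66.152
do
  iptables -I INPUT -s "$blocked" -j DROP
done

#DNS
# Outbound queries to specific resolvers and their replies. One resolver is
# reached over UDP, the rest over TCP, as in the original.
iptables -A OUTPUT -p udp -d 68.99.70.45 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 68.99.70.45 --sport 53 -m state --state ESTABLISHED -j ACCEPT
for resolver in \
  68.99.70.44 \
  178.62.125.29 \
  128.199.194.211 \
  104.236.6.58 \
  192.241.205.38
do
  iptables -A OUTPUT -p tcp -d "$resolver" --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
  iptables -A INPUT -p tcp -s "$resolver" --sport 53 -m state --state ESTABLISHED -j ACCEPT
done

# FTP
# Control (21) and active-mode data (20) ports, limited to listed sources.
for port in 21 20; do
  for src in \
    68.99.70.50 \
    117.4.252.165 \
    189.181.0.0/16 \
    189.180.0.0/16 \
    187.189.0.0/16 \
    189.178.0.0/16 \
    189.249.0.0/16 \
    189.217.0.0/16
  do
    iptables -A INPUT -p tcp -s "$src" -m tcp --dport "$port" \
      -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
  done
done
#
# NOTE(review): --dport 20:65535 covers nearly every TCP port, so each source
# below can open NEW connections to any listening service whenever its source
# port falls in 1024:10090. This is presumably meant for passive-mode FTP
# data; narrow --dport to the FTP server's configured passive port range.
# NOTE(review): as with port 25 above, a lone '#' precedes the 68.99.70.50
# rule in the flattened source and is read as a separator, not a comment-out.
for src in \
  68.99.70.50 \
  117.4.252.165 \
  189.180.0.0/16 \
  189.181.0.0/16 \
  187.189.0.0/16 \
  189.178.0.0/16 \
  189.249.0.0/16 \
  189.217.0.0/16
do
  iptables -A INPUT -p tcp -s "$src" -m tcp --sport 1024:10090 --dport 20:65535 \
    -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
done
#iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
#iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
iptables -A OUTPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 1024:10090 --dport 20:65535 \
  -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

# SSH
# Port 22 is reachable only from the sources listed here.
# NOTE(review): each /16 entry admits 65,536 addresses; prefer host addresses
# where the administrative source is static.
for src in \
  68.227.0.0/16 \
  46.101.217.103 \
  45.55.167.177 \
  46.101.53.163 \
  68.15.115.196 \
  68.15.115.197 \
  66.87.0.0/16 \
  68.12.0.0/16 \
  68.97.0.0/16 \
  70.184.0.0/16 \
  71.170.0.0/16 \
  71.96.0.0/16 \
  162.58.0.0/16 \
  208.54.0.0/16 \
  68.99.70.44 \
  68.99.70.45 \
  68.99.70.47 \
  68.99.70.50 \
  91.186.174.31 \
  213.198.106.172 \
  204.42.156.113 \
  104.236.6.58 \
  104.236.55.218 \
  128.199.194.211 \
  128.199.221.38 \
  128.199.92.26 \
  162.243.143.144 \
  178.62.125.29 \
  178.62.190.132 \
  188.166.68.25 \
  188.166.34.217 \
  188.226.237.249 \
  188.166.56.223 \
  192.241.205.38
do
  iptables -A INPUT -p tcp -s "$src" -m tcp --dport 22 -j ACCEPT
done

# Webmin
# (no rules in this section)

#Rogue Countries
# (no rules in this section)

# All Done
# Inserted last so it becomes rule 1 of INPUT: packets belonging to tracked
# connections are accepted before any other INPUT rule is evaluated.
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Default policies: outbound is unrestricted, which makes the OUTPUT ACCEPT
# rules above redundant. Inbound is dropped unless a rule above accepts it.
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP

# Print the resulting ruleset, persist it, and reload the service from the
# saved file.
iptables -L -n
iptables-save | sudo tee /etc/sysconfig/iptables
systemctl restart iptables.service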