I'm trying to set up a simple firewall using iptables. The server in question is purely a Minecraft server, and will be running basically nothing else. This makes the rules I need quite simple:
Outbound: Accept all
Inbound: Accept SSH, Minecraft, pings, and anything on loopback, reject everything else
I tried the following set of rules to accomplish the above.
Code:
#Loopback stuff
-A INPUT -i lo -j ACCEPT
#Accept whatever's already established
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#SSH
-A INPUT -p tcp -m state --state NEW --dport 9001 -j ACCEPT
#Ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
#Minecraft
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25565 -j ACCEPT
#Log fails
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
#Reject everything else
-A INPUT -j REJECT
#Outbound
-A OUTPUT -j ACCEPT
I flushed iptables in case any rules were already set, then tried a restore with the above. This fails with: iptables-restore: line 2 failed
I tried commenting that out to see if the error would change, but it just fails on line 5 instead... then 8 if I comment that too. It looks like it won't accept *any* of these rules.
My webserver (not currently on Linode) uses almost the exact same ruleset, just with web and mail ports open rather than the MC port. Both servers are Ubuntu 10 LTS, both are on iptables 1.4.4. The kernel is different, 2.6.something vs. 3.0.0. I'm not sure if that changes anything major.
I'm probably missing something stupid here, but I can't figure out what. Any help would be appreciated.
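Added example, not part of the original post: iptables-restore does not read a bare list of rules; each block of rules has to be wrapped in a `*table` header, optional chain-policy lines, and a closing `COMMIT`. The script below writes the poster's ruleset (SSH on 9001, Minecraft on 25565, pings, loopback, rate-limited logging, reject-everything-else) in that complete format, and includes a root-free structural check that every `-A` rule sits inside a table/COMMIT block. The output path `/tmp/minecraft.rules` and the DROP chain policies (a safety net behind the explicit REJECT rule) are my assumptions, not something stated in the post.

```shell
#!/bin/sh
# Added example (not from the original post): a complete iptables-restore
# file for the ruleset described above. Assumes SSH on 9001 and Minecraft
# on 25565 as in the post; the output path is a constructed example.

write_ruleset() {
    out="${1:-/tmp/minecraft.rules}"   # assumed path, override as needed
    cat > "$out" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback stuff
-A INPUT -i lo -j ACCEPT
# Accept whatever's already established
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH (non-standard port 9001, as in the post)
-A INPUT -p tcp -m state --state NEW --dport 9001 -j ACCEPT
# Ping (echo-request only)
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Minecraft
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25565 -j ACCEPT
# Log fails (rate-limited so a scan can't flood the log)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject everything else; the DROP policy above only catches what this misses
-A INPUT -j REJECT
# Outbound
-A OUTPUT -j ACCEPT
COMMIT
EOF
    printf '%s\n' "$out"
}

# Structural sanity check that needs no root: every -A rule must appear
# after a '*table' line and before its matching COMMIT, and the file must
# not end inside an open table. Returns 0 when the layout is valid.
check_ruleset() {
    awk '
        /^\*/      { in_table = 1; next }
        /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0; next }
        /^-A /     { if (!in_table) bad = 1 }
        END        { exit (bad || in_table) }
    ' "$1"
}

# Stand-alone usage: write the file, verify its shape, print the path.
if [ "${0##*/}" = "minecraft-rules.sh" ]; then
    f=$(write_ruleset "$1")
    check_ruleset "$f" && echo "ruleset layout OK: $f"
fi
```

On the server itself, load the file from a console session rather than over SSH the first time (a typo in the SSH rule would otherwise lock you out), with `iptables-restore < /tmp/minecraft.rules`; newer iptables versions also accept `iptables-restore --test` to parse the file without applying it.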