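#!/bin/bash
#
# Installs an IPv4 packet-filter ruleset for a single host.
#
# Scope and caveats:
#   * Only the IPv4 "filter" table is touched. `iptables -F` does not clear
#     the nat/mangle tables or delete user-defined chains, and IPv6 traffic
#     is governed by ip6tables, which this script does not configure.
#   * The chain policies stay ACCEPT, so the explicit DROP rules at the end
#     are what block unsolicited TCP/UDP. Other protocols (e.g. ICMP) still
#     fall through to the ACCEPT policy.
#   * Errors are recorded instead of aborting: stopping half-way would leave
#     the host with flushed chains, ACCEPT policies and no final DROP rules.
#
# Exit status: 0 if every command succeeded, 1 otherwise.

set -u

status=0
# Remember any failing command (not root, missing module, ...) without
# stopping, so the remaining rules -- including the final DROPs -- still load.
trap 'status=1' ERR

# Flush any existing rules and set the default policies
iptables -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Accept anything from myself.
# Match on the loopback interface rather than on source 127.0.0.1: a source
# address can be forged by a remote sender, and local traffic addressed to
# one of this host's own non-loopback IPs also travels over lo.
iptables -A INPUT -i lo --jump ACCEPT

# Accept replies to connections this host opened. Without this rule the final
# DROP rules would also discard return traffic (DNS answers, TCP replies to
# ephemeral ports), because it arrives on INPUT with a destination port
# inside 1:65535.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT

# Allow myself to be a non-passive FTP client
#iptables -A INPUT -p tcp --dport ftp-data --jump ACCEPT

# Do not allow a local user to connect to a remote Telnet
# server and thus give away login and password information:
iptables -A OUTPUT -p tcp --dport telnet --jump REJECT

# NOTE(review): every ACCEPT below exposes the port to any source address.
# They are only needed when this host takes unsolicited inbound connections
# on that port; remove the ones that are not in use.

# Steam
iptables -A INPUT -p tcp --dport 27000:27041 --jump ACCEPT
iptables -A INPUT -p udp --dport 27000:27041 --jump ACCEPT
# Steam Friends Service
iptables -A INPUT -p udp --dport 1200 --jump ACCEPT
# Quake 3
iptables -A INPUT -p tcp --dport 27960 --jump ACCEPT
iptables -A INPUT -p udp --dport 27960 --jump ACCEPT
# Quake 2 (a second identical UDP rule would never be reached)
iptables -A INPUT -p udp --dport 27910 --jump ACCEPT
# StarCraft
iptables -A INPUT -p tcp --dport 6112 --jump ACCEPT
iptables -A INPUT -p udp --dport 6112 --jump ACCEPT
# AIM DCC
iptables -A INPUT -p tcp --dport 5190:5200 --jump ACCEPT
iptables -A INPUT -p udp --dport 5190:5200 --jump ACCEPT
# Custom DC++ Port
iptables -A INPUT -p tcp --dport 27072 --jump ACCEPT
iptables -A INPUT -p udp --dport 27072 --jump ACCEPT

# If it's not one of the above allowed cases, block unsolicited packets to
# every TCP and UDP port (1-65535, not just the privileged range).
#
# Silently drop unwanted packets to waste the attacker's time.
iptables -A INPUT -p tcp --dport 1:65535 --jump DROP
iptables -A INPUT -p udp --dport 1:65535 --jump DROP

# Report what happened.
# -n skips reverse-DNS lookups so the listing cannot stall on name
# resolution; -v adds the interface column and per-rule counters.
echo 'Firewall rules installed:'
iptables -L -n -v

if (( status != 0 )); then
  echo 'WARNING: at least one iptables command failed; the ruleset above may be incomplete.' >&2
fi
exit "$status"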