IP tables for Minecraft

iptables.rule

#You probably want to do this in root to reduce the amount of sudos required
su -

#Clean out any existing rules and allow incoming traffic to begin with
iptables -P INPUT ACCEPT
iptables -F

#Allow all internal connections
iptables -A INPUT -i lo -j ACCEPT

#Allow continuing setup connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#Allow ssh, adjust port if you run it on non-default
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

#Allow minecraft, adjust port if you run it on non-default
iptables -A INPUT -p tcp --dport 25565 -j ACCEPT

#Disallow all input not whitelisted
#DO NOT RUN THIS IF YOU HAVEN'T VERIFIED YOU WHITELISTED SSH, YOU WILL LOCK YOURSELF OUT
iptables -P INPUT DROP

#Block all forwarding
iptables -P FORWARD DROP

#Allow all outgoing
iptables -P OUTPUT ACCEPT

#Save rules, they won't be persisted past restart of the machine otherwise
#Use packet manager of your choice instead
apt-get install iptables-persistent
#iptables-persistent will load from this file automatically
iptables-save > /etc/iptables/rules.v4


#Optional stuff from here on:

#If you have other internal servers for backups etc. you can use this to allow any connections from them
iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT

#Whitelist mumble
iptables -A INPUT -p tcp --dport 64738 -j ACCEPT
iptables -A INPUT -p udp --dport 64738 -j ACCEPT

#Whitelist Jenkins
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT