Can you please check this IPTables

Hello,

Can you please check to see if my IPTables is secure, if you see any vulnerabilities. I needed the 20000 - 30000 ports open to allow game servers, nothing vulnerable is running on those ports. Other than that is this IPTables alright?

# Generated by iptables-save v1.4.7 on Wed Nov 21 18:55:57 2012
*raw
Can you please check this IPTablesREROUTING ACCEPT [294:43656]
:OUTPUT ACCEPT [334:184243]
COMMIT
# Completed on Wed Nov 21 18:55:57 2012
# Generated by iptables-save v1.4.7 on Wed Nov 21 18:55:57 2012
*nat
Can you please check this IPTablesREROUTING ACCEPT [24:1248]
Can you please check this IPTablesOSTROUTING ACCEPT [3:198]
:OUTPUT ACCEPT [3:198]
COMMIT
# Completed on Wed Nov 21 18:55:57 2012
# Generated by iptables-save v1.4.7 on Wed Nov 21 18:55:57 2012
*mangle
Can you please check this IPTablesREROUTING ACCEPT [294:43656]
:INPUT ACCEPT [294:43656]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [335:184335]
Can you please check this IPTablesOSTROUTING ACCEPT [335:184335]
COMMIT
# Completed on Wed Nov 21 18:55:57 2012
# Generated by iptables-save v1.4.7 on Wed Nov 21 18:55:57 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [334:184243]
-A INPUT -p udp -m udp --dport 20 -j ACCEPT
-A INPUT -p udp -m udp --dport 21 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --destination-port 20000:30000 -j ACCEPT
-A INPUT -p udp --destination-port 20000:30000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Nov 21 18:55:57 2012


Thank you

 

 

 

 

Top