Need To Check Iptables Ruleset?

2025-04-16

I was using CISCO PIX 501 for firewall system, but I had some trouble with NAT. It was not good for web hosting.

So I wrote iptables ruleset for web hosting. My server is locating in thePlannet. Please look at my files and check them PLEASE~~

Thanks.

Major Rule 1. Need to open only port1,port2,port3,port4,port5 in all eth1:* and eth0.
Major Rule 2. Need to open port6 in only one IP.
Major Rule 3. Nedd to accpet some ip's request from thePlanet

-------FILE BEGIN------

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8273:1603453]
:acctboth - [0:0]
:thePlanet - [0:0]
-A INPUT -j acctboth
#My rules starts
#RULES FOR eth0
#INPUT
-A INPUT -i eth0 -p tcp -m multiport --dport port1,port2,port3,port4,port5 -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --sport port1,port2,port3,port4,port5 -j LOG
-A INPUT -i eth0 -p tcp -m tcp --dport 2082:2096 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 2082:2096 -j LOG
-A INPUT -i eth0 -p udp -m multiport --dport 53,54 -j ACCEPT
-A INPUT -i eth0 -p udp -m multiport --sport 53,54 -j LOG
#OUTPUT
-A OUTPUT -o eth0 -p tcp -m multiport --dport port1,port2,port3,port4,port5 -j LOG
-A OUTPUT -o eth0 -p tcp -m multiport --sport port1,port2,port3,port4,port5 -j LOG
-A OUTPUT -o eth0 -p tcp -m tcp --dport 2082:2096 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 2082:2096 -j LOG
-A OUTPUT -o eth0 -p udp -m multiport --dport 53,54 -J ACCEPT
-A OUTPUT -o eth0 -p udp -m multiport --sport 53,54 -j LOG
#RULES FOR eth1*
#INPUT
-A INPUT -i eth1* -p tcp -m multiport --dport port1,port2,port3,port4,port5 -j ACCEPT
-A INPUT -i eth1* -p tcp -m multiport --sport port1,port2,port3,port4,port5 -j LOG
-A INPUT -i eth1* -p tcp -m tcp --dport 2082:2096 -j ACCEPT
-A INPUT -i eth1* -p tcp -m tcp --sport 2082:2096 -j LOG
-A INPUT -i eth1* -p udp -m multiport --dport 53,54 -j ACCEPT
-A INPUT -i eth1* -p udp -m multiport --sport 53,54 -j LOG
#OUTPUT
-A OUTPUT -o eth1* -p tcp -m multiport --dport port1,port2,port3,port4,port5 -j LOG
-A OUTPUT -o eth1* -p tcp -m multiport --sport port1,port2,port3,port4,port5 -j LOG
-A OUTPUT -o eth1* -p tcp -m tcp --dport 2082:2096 -j ACCEPT
-A OUTPUT -o eth1* -p tcp -m tcp --sport 2082:2096 -j LOG
-A OUTPUT -o eth1* -p udp -m multiport --dport 53,54 -J ACCEPT
-A OUTPUT -o eth1* -p udp -m multiport --sport 53,54 -j LOG
#RULES FOR eth1:* FOR port6 ACCESS FOR ONE IP
#INPUT
-A INPUT -i eth1:5 -p tcp -m tcp --dport port6 -j ACCEPT
-A INPUT -i eth1:5 -p tcp -m tcp --sport port6 -j LOG
#OUTPUT
-A OUTPUT -o eth1: -p tcp -m tcp --dport port6 -j LOG
-A OUTPUT -o eth1: -p tcp -m tcp --sport port6 -j ACCEPT
#Planet RULES
-A INPUT -j thePlanet
#RULES for LO
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -j acctboth
-A acctboth -i ! lo
-A acctboth -i ! lo
-A thePlanet -s 12.96.160.0/255.255.255.0 -j ACCEPT
-A thePlanet -s 67.19.0.0/255.255.255.0 -j ACCEPT
-A thePlanet -s 70.84.160.0/255.255.255.0 -j ACCEPT
-A thePlanet -s 216.234.234.0/255.255.255.0 -j ACCEPT
COMMIT

-------FILE END------

THANKS. PLEASE HELP ME.