Some good IPTABLES rules

Personal note with example IPv4 addresses. Maybe this could be useful for your DNS server as well.


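# IPv4 filter-table ruleset: default-deny inbound, SSH from the example /24,
# port 5666 from one example host, DNS (TCP/UDP 53) and ping from anywhere.
# Only iptables is configured here; the script runs no ip6tables commands and
# does not touch the nat or mangle tables, so IPv6 traffic is not covered by
# these rules.
# The 192.168.69.X entries are placeholders: those rules will not load until
# "X" is replaced with a real host address. The script does not stop on a
# failed command, so check the loaded result afterwards (e.g. "$IPT" -S).
IPT="/sbin/iptables"

# Set default policies for all three default chains BEFORE flushing.
# Flushing first would leave an empty ruleset under whatever policy was
# active before; if that was ACCEPT, the host is wide open until the DROP
# policy lands. With the policy set first the script can only fail closed.
"$IPT" -P INPUT DROP
"$IPT" -P FORWARD DROP
"$IPT" -P OUTPUT ACCEPT

# Flush old rules and delete old custom chains (filter table only).
# Between here and the ESTABLISHED,RELATED rule below, packets of already
# open sessions are dropped for a moment; loading the same rules through
# iptables-restore avoids that gap because it applies a table in one step.
"$IPT" --flush
"$IPT" --delete-chain

# Enable free use of loopback interfaces
"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A OUTPUT -o lo -j ACCEPT

# All TCP sessions should begin with SYN: drop NEW connections that do not
"$IPT" -A INPUT -p tcp ! --syn -m state --state NEW -s 0.0.0.0/0 -j DROP

# Accept packets that belong to, or are related to, an already tracked
# connection (applies to every protocol, not only TCP)
"$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Services restricted by source address
# SSH from the internal example network only
"$IPT" -A INPUT -p tcp --dport 22 -m state --state NEW -s 192.168.69.0/24 -j ACCEPT
# DNS from one specific host (placeholder address, replace "X").
# These two rules add nothing while the world-open port 53 rules further
# down are present; they only matter once those are removed.
"$IPT" -A INPUT -p udp -m udp --dport 53 -s 192.168.69.X/32 -j ACCEPT
"$IPT" -A INPUT -p tcp --dport 53 -m state --state NEW -s 192.168.69.X/32 -j ACCEPT
# Port 5666 from one specific host (commonly the NRPE monitoring port;
# confirm for your setup)
"$IPT" -A INPUT -p tcp --dport 5666 -m state --state NEW -s 192.168.69.X/32 -j ACCEPT

# Flood protection for DNS UDP (disabled; uncomment to use)
# See: /proc/net/ipt_hashlimit/DNS
# Rule order matters: this DROP has to stay above the world-open UDP 53
# ACCEPT below, otherwise it is never reached. The host-specific UDP 53 rule
# above is matched earlier and is therefore exempt from the limit.
#"$IPT" -A INPUT -p udp --dport 53 -m state --state NEW \
#  -m hashlimit \
#  --hashlimit-above 300/sec \
#  --hashlimit-mode srcip \
#  --hashlimit-name DNS \
#  --hashlimit-htable-expire 60000 \
#  -j DROP

# World-open DNS. With the hashlimit rule above disabled, nothing here limits
# the query rate per source. If the server should only answer the internal
# hosts, remove the two 0.0.0.0/0 port 53 rules and keep the host-specific
# ones above.

# Accept inbound DNS over TCP from any source
"$IPT" -A INPUT -p tcp --dport 53 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT  # - DNS

# Accept inbound DNS over UDP from any source
"$IPT" -A INPUT -p udp -m udp --dport 53 -s 0.0.0.0/0 -j ACCEPT

# Accept inbound ICMP echo-request (type 8, ping) from any source; every
# other inbound ICMP type that is not RELATED falls through to the DROP policy
"$IPT" -A INPUT -p ICMP --icmp-type 8 -s 0.0.0.0/0 -j ACCEPT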