I need some help proofreading my iptables rules; my rules seem to work but I cannot be sure

Like the title says, I need some help proofreading my iptables rules; my rules seem to work but I cannot be sure. My setup is as follows: ISP ---> cable modem ---> Ethernet switch ---> netbook/server/firewall/wifi ---> Wireless connected devices.

My netbook is a server that has Ubuntu 13.04 Raring 32-bit running OpenVPN, Email, and Iodine (IP-over-DNS). This same netbook also functions as a wireless router using dhcp, hostapd for wifi, and iptables as its firewall.

eth0 is the WAN with the IP of 192.168.1.2
wlan0 is the LAN with the IP of 10.0.0.2
dns0 and dns1 are the Iodine tunnels with the IPs of 172.168.0.1 (dns0) and 172.16.2.1 (dns1)
tun0 is my OpenVPN tunnel with the IP of 10.0.2.1

What should happen is all requests to ports inbound/outbound should be BLOCKED to/from the server/router itself except:
Ports 80 and 443 for web browsing
Ports 25, 587, 110, 995, 143, and 993 for various Email services
Port 22 for ssh
Port 1194 for OpenVPN

All ports inbound/outbound should be BLOCKED to/from connections on my VPN, connections on Iodine, and Wifi connections except:
Port 53 for DNS requests
Ports 80 and 443 for web browsing
Ports 8080 to access college services
Port 29304 for skype
Ports 6783, 6784, and 6785 for Splashtop Streamer
Ports 5060 to 5080 and port 65535 for CallCentric VOIP
Ports 19305 to 19309; ports 5228 and 14259 for various Google services
Ports 80(udp), 6969, and 1337 for torrents
Port 25 for Email
Port 587 for iCloud email
Ports 465, 587, 993, 994, and 995 for Gmail
Ports 7070, 1338, 6667, and 6697 for IRC
Ports 2000, 1843, and 843 for text based online games like MUDs
Port 22 for SSH
Port 1194 for VPN
Ports 3478 to 3487, 16384 to 16387, 16393 to 16402, and 5223 for iMessages and Facetime

Below are my iptables rules. I put these rules in /etc/default/iptables so that they are set at every boot.

###****FIREWALL PRESETUP****###

*nat

# Wireless devices wlan0
-A POSTROUTING -o eth0 -s 10.0.0.2/24 -j MASQUERADE

# Personal VPN tun0 to this network from my devices
-A POSTROUTING -o eth0 -s 10.0.2.0/24 -j MASQUERADE

# Iodine (IP-over-DNS) dns0 and dns1
-A POSTROUTING -o eth0 -s 172.16.0.1/27 -j MASQUERADE
-A POSTROUTING -o eth0 -s 172.16.2.1/27 -j MASQUERADE

COMMIT

###****BEGIN GLOBAL FIREWALL****###

*filter

# Block unwanted traffic
:FORWARD DROP
:INPUT DROP

# Allow wanted traffic to/from all interfaces
:OUTPUT ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Make sure wanted traffic to/from wlan0 (LAN) is allowed
-A FORWARD -i wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Make sure wanted traffic to/from tun0 (VPN) is allowed
-A FORWARD -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -s 10.0.2.0/25 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Also allow traffic to/from tun0 (VPN) to wlan0 (LAN)
-A FORWARD -i tun0 -o wlan0 -s 10.0.2.0/25 -d 10.0.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Also allow traffic to/from tun0 (VPN) to eth0 (WAN)
-A FORWARD -i tun0 -o eth0 -s 10.0.2.0/25 -d 192.168.2.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Make sure wanted traffic to/from dns0 and dns1, Iodine (IP-over-DNS), is allowed
-A FORWARD -i dns0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i dns1 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Also allow traffic to/from dns0 and dns1, Iodine (IP-over-DNS), to wlan0 (LAN)
-A FORWARD -i dns0 -o wlan0 -s 172.16.0.1/27 -d 10.0.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i dns1 -o wlan0 -s 172.16.2.1/27 -d 10.0.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Also allow traffic to/from dns0 and dns1, Iodine (IP-over-DNS), to eth0 (WAN)
-A FORWARD -i dns0 -o wlan0 -s 172.16.0.1/27 -d 192.168.2.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i dns1 -o wlan0 -s 172.16.2.1/27 -d 192.168.2.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow wanted traffic into the router itself
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

###****BEGIN WIFI FIREWALL ****###

#Logging
#-A FORWARD -i wlan0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"
#-I FORWARD 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# dns
-A FORWARD -i wlan0 -o eth0 -p udp --dport 53 -j ACCEPT

# http, https
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 80 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 443 -j ACCEPT

# Los Rios College eServices (and others)
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 8080 -j ACCEPT

# Skype (Outgoing)
-A FORWARD -i wlan0 -o eth0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 29304 -j ACCEPT

# Skype (Incoming)
-A FORWARD -i eth0 -o wlan0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -p tcp --dport 29304 -j ACCEPT

# Splashtop streamer
-A FORWARD -i wlan0 -o eth0 -m multiport -p tcp --dport 6783:6785 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 6783:6785 -j ACCEPT

# CallCentric VOIP
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 5060:5080 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p udp --dport 65535 -j ACCEPT

# Google hangout, voip, and other google services
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 19305:19309 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m multiport -p tcp --dport 19305:19309 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p udp --dport 5228 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 5228 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p udp --dport 14259 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 14259 -j ACCEPT

# Torrent
-A FORWARD -i wlan0 -o eth0 -p udp --dport 80 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p udp --dport 6969 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p udp --dport 1337 -j ACCEPT

# Email
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 25 -j ACCEPT

# iCloud Email
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 587 -j ACCEPT

# Gmail SMTP SSL
-A FORWARD -i wlan0 -o eth0 -p udp --dport 465 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 465 -j ACCEPT

# Gmail SMTP StartTLS
-A FORWARD -i wlan0 -o eth0 -p udp --dport 587 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 587 -j ACCEPT

# Gmail IMAP SSL
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 993:995 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m multiport -p tcp --dport 993:995 -j ACCEPT

# irc
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 7070 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 1338 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 6667 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 6697 -j ACCEPT

# MUD
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 2000 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 1843 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 843 -j ACCEPT

# ssh
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 22 -j ACCEPT

# vpn
-A FORWARD -i wlan0 -o eth0 -p udp --dport 1194 -j ACCEPT

# iOS iMessages, Facetime
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 3478:3487 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 5223 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 16384:16387 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 16393:16402 -j ACCEPT

# Allow PING from remote hosts.
-A FORWARD -i wlan0 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT

###****BEGIN IODINE (IP-over-DNS, dns0 and dns1) FIREWALL ****###

#Logging
#-A FORWARD -i dns0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"

# dns
-A FORWARD -i dns0 -o eth0 -p udp --dport 53 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 53 -j ACCEPT

# http, https
-A FORWARD -i dns0 -o eth0 -p tcp --dport 80 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 443 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 80 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 443 -j ACCEPT

# Los Rios College eServices (and others)
-A FORWARD -i dns0 -o eth0 -p tcp --dport 8080 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 8080 -j ACCEPT

# Skype (Outgoing)
-A FORWARD -i dns0 -o eth0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 29304 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 29304 -j ACCEPT

# Skype (Incoming)
-A FORWARD -i eth0 -o dns0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i eth0 -o dns0 -p tcp --dport 29304 -j ACCEPT
-A FORWARD -i eth0 -o dns1 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i eth0 -o dns1 -p tcp --dport 29304 -j ACCEPT

# Splashtop streamer
-A FORWARD -i dns0 -o eth0 -m multiport -p tcp --dport 6783:6785 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 6783:6785 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p tcp --dport 6783:6785 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 6783:6785 -j ACCEPT

# CallCentric VOIP
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 5060:5080 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p udp --dport 65535 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 5060:5080 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 65535 -j ACCEPT

# Google hangout, voip, and other google services
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 19305:19309 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -m multiport -p tcp --dport 19305:19309 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p udp --dport 5228 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 5228 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p udp --dport 14259 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 14259 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 19305:19309 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p tcp --dport 19305:19309 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 5228 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 5228 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 14259 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 14259 -j ACCEPT

# Torrent
-A FORWARD -i dns0 -o eth0 -p udp --dport 80 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p udp --dport 6969 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p udp --dport 1337 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 80 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 6969 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 1337 -j ACCEPT

# Email
-A FORWARD -i dns0 -o eth0 -p tcp --dport 25 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 25 -j ACCEPT

# iCloud Email
-A FORWARD -i dns0 -o eth0 -p tcp --dport 587 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 587 -j ACCEPT

# Gmail SMTP SSL
-A FORWARD -i dns0 -o eth0 -p udp --dport 465 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 465 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 465 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 465 -j ACCEPT

# Gmail SMTP StartTLS
-A FORWARD -i dns0 -o eth0 -p udp --dport 587 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 587 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 587 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 587 -j ACCEPT

# Gmail IMAP SSL
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 993:995 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -m multiport -p tcp --dport 993:995 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 993:995 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p tcp --dport 993:995 -j ACCEPT

# irc
-A FORWARD -i dns0 -o eth0 -p tcp --dport 7070 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 1338 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 6667 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 6697 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 7070 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 1338 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 6667 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 6697 -j ACCEPT

# MUD
-A FORWARD -i dns0 -o eth0 -p tcp --dport 2000 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 1843 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 843 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 2000 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 1843 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 843 -j ACCEPT

# ssh
-A FORWARD -i dns0 -o eth0 -p tcp --dport 22 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 22 -j ACCEPT

# vpn
-A FORWARD -i dns0 -o eth0 -p udp --dport 1194 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 1194 -j ACCEPT

# iOS iMessages, Facetime
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 3478:3487 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 5223 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 16384:16387 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 16393:16402 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 3478:3487 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 5223 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 16384:16387 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 16393:16402 -j ACCEPT

# Allow PING from remote hosts.
-A FORWARD -i dns0 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT

###****BEGIN VPN FIREWALL****###

#Logging
#-A FORWARD -i tun0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"

# dns
-A FORWARD -i tun0 -o eth0 -p udp --dport 53 -j ACCEPT

# http, https
-A FORWARD -i tun0 -o eth0 -p tcp --dport 80 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 443 -j ACCEPT

# Los Rios College eServices (and others)
-A FORWARD -i tun0 -o eth0 -p tcp --dport 8080 -j ACCEPT

# Skype (Outgoing)
-A FORWARD -i tun0 -o eth0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 29304 -j ACCEPT

# Skype (Incoming)
-A FORWARD -i eth0 -o tun0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -p tcp --dport 29304 -j ACCEPT

# Splashtop streamer
-A FORWARD -i tun0 -o eth0 -m multiport -p tcp --dport 6783:6785 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 6783:6785 -j ACCEPT

# CallCentric VOIP
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 5060:5080 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p udp --dport 65535 -j ACCEPT

# Google hangout, voip, and other google services
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 19305:19309 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m multiport -p tcp --dport 19305:19309 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p udp --dport 5228 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 5228 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p udp --dport 14259 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 14259 -j ACCEPT

# Torrent
-A FORWARD -i tun0 -o eth0 -p udp --dport 80 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p udp --dport 6969 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p udp --dport 1337 -j ACCEPT

# Email
-A FORWARD -i tun0 -o eth0 -p tcp --dport 25 -j ACCEPT

# iCloud Email
-A FORWARD -i tun0 -o eth0 -p tcp --dport 587 -j ACCEPT

# Gmail SMTP SSL
-A FORWARD -i tun0 -o eth0 -p udp --dport 465 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 465 -j ACCEPT

# Gmail SMTP StartTLS
-A FORWARD -i tun0 -o eth0 -p udp --dport 587 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 587 -j ACCEPT

# Gmail IMAP SSL
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 993:995 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m multiport -p tcp --dport 993:995 -j ACCEPT

# irc
-A FORWARD -i tun0 -o eth0 -p tcp --dport 7070 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 1338 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 6667 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 6697 -j ACCEPT

# MUD
-A FORWARD -i tun0 -o eth0 -p tcp --dport 2000 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 1843 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 843 -j ACCEPT

# ssh
-A FORWARD -i tun0 -o eth0 -p tcp --dport 22 -j ACCEPT

# vpn
-A FORWARD -i tun0 -o eth0 -p udp --dport 1194 -j ACCEPT

# iOS iMessages, Facetime
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 3478:3487 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 5223 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 16384:16387 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 16393:16402 -j ACCEPT

# Allow PING from remote hosts.
-A FORWARD -i tun0 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT

###****BEGIN SERVER FIREWALL****###

#Logging
#-A FORWARD -i wlan0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"

# Loop device.
-A INPUT -i lo -j ACCEPT

# http, https
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# smtp, submission
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT

# pop3, pop3s
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT

# imap, imaps
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

# ssh
-A INPUT -p tcp --dport 22 -j ACCEPT

# vpn
-A INPUT -p udp --dport 1194 -j ACCEPT

# Allow PING from remote hosts.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

COMMIT

This is the output of "iptables -nvL" to show what is in effect: http://pastebin.com/AtZaFDd5. Those fail2ban lines are there because I have fail2ban installed.

This is the output of "iptables -S" to show what is in effect: http://pastebin.com/2aEcZxnQ. Again, those fail2ban lines are there because I have fail2ban installed.

Raansu

Posted 2013-07-01T04:56:09.013

Reputation: 31
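
One way to check a ruleset like this mechanically is sketched below, as an added example that is not part of the original post. It flags interface names outside the set the post lists, and rules that can never match because an earlier terminating rule in the same chain has the same or fewer conditions. The function names and the sample rules are constructed for illustration. The comparison is exact-value only (no CIDR or port-range containment), so it under-reports.

```python
import shlex
# Constructed sample in iptables-restore format (not the poster's file).
SAMPLE = """\
*filter
:FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 587 -j ACCEPT
-A FORWARD -i dns1 -o eth -p tcp --dport 587 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 587 -j ACCEPT
COMMIT
"""
KNOWN_IFACES = {"lo", "eth0", "wlan0", "tun0", "dns0", "dns1"}  # from the post
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

def parse(rule):
    """Return (chain, match-dict, target) for one '-A CHAIN ...' line."""
    tok = shlex.split(rule)
    chain, match, i = tok[1], {}, 2
    while i < len(tok):
        has_val = i + 1 < len(tok) and not tok[i + 1].startswith("-")
        match[tok[i]] = tok[i + 1] if has_val else ""
        i += 2 if has_val else 1
    target = match.pop("-j", "")
    match.pop("-m", None)              # module name is implied by its options
    if "--state" in match:             # RELATED,ESTABLISHED == ESTABLISHED,RELATED
        match["--state"] = frozenset(match["--state"].split(","))
    return chain, match, target

def lint(text, known_ifaces=KNOWN_IFACES):
    """Return (line_no, finding) tuples for an iptables-restore file."""
    findings, seen, table = [], [], None
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        if not line.startswith("-A ") or "!" in line.split():
            continue                   # negated matches are out of scope here
        chain, match, target = parse(line)
        for flag in ("-i", "-o"):
            if flag in match and match[flag] not in known_ifaces:
                findings.append((no, f"unknown interface {match[flag]!r}"))
        for prev_no, key, prev_match in seen:
            if key == (table, chain) and prev_match.items() <= match.items():
                kind = "duplicate of" if prev_match == match else "shadowed by"
                findings.append((no, f"{kind} line {prev_no}"))
                break
        if target in TERMINAL:
            seen.append((no, (table, chain), match))
    return findings

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```

A clean lint pass only covers syntax-level slips; whether the policy blocks what it should still has to be confirmed against the packet counters in `iptables -nvL` while generating test traffic.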

Why not post them directly into the question (properly formatted, of course)? – Ignacio Vazquez-Abrams – 2013-07-01T05:01:55.027

I don't want this to be a never-ending post, this page would go on forever! – Raansu – 2013-07-01T05:16:47.930

No, the page renderer handles it appropriately, provided it's formatted properly. – Ignacio Vazquez-Abrams – 2013-07-01T05:17:52.463

Ok I see what you mean, should look good now. – Raansu – 2013-07-01T05:27:06.020

No answers