From 50798cc47729dc10e4e0b848a9b29fbdcbcf134d Mon Sep 17 00:00:00 2001
From: "usa.yimian.xyz"
Date: Thu, 20 Aug 2020 00:08:38 -0400
Subject: [PATCH] iptables
---
usa.yimian.xyz/iptables.sh | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/usa.yimian.xyz/iptables.sh b/usa.yimian.xyz/iptables.sh
index 00e5608..03e58cf 100644
--- a/usa.yimian.xyz/iptables.sh
+++ b/usa.yimian.xyz/iptables.sh
@@ -16,10 +16,11 @@ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 #iptables -A FORWARD -p tcp --dport 4443 -j ACCEPT
 #iptables -A FORWARD -p tcp --dport 4400:4440 -j ACCEPT
 # dns
-iptables -A INPUT -p tcp --sport 53 -j ACCEPT
-iptables -A INPUT -p udp --sport 53 -j ACCEPT
+#iptables -A INPUT -p tcp --sport 53 -j ACCEPT
+#iptables -A INPUT -p udp --sport 53 -j ACCEPT
 # for established service
 iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
 # icmp ping
 iptables -A INPUT -p icmp -j ACCEPT
 # dns lookup
@@ -30,7 +31,7 @@ iptables -A OUTPUT -p tcp --sport 31337 -j DROP
 iptables -A OUTPUT -p tcp --dport 31337 -j DROP
 # anti ddos
 #iptables -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
-#iptables -A FORWARD -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
+iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
 # end
 #iptables -A FORWARD -j DROP
 # save
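Review bot: The two `--sport 53` accepts are left under `# dns` as commented-out lines with no explanation, so a later editor could switch them back on. An accept keyed on source port trusts a value the remote sender picks, so I would delete the lines or replace them with a comment such as `# do not re-enable: DNS replies are admitted by the RELATED,ESTABLISHED rule below; the source port is sender-controlled`. The added udp rule also duplicates the tcp one. A single protocol-agnostic rule, `iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, covers both, also admits ICMP errors related to tracked flows, and uses the conntrack match that superseded the legacy `state` match.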
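Review bot: The rate-limited ICMP accept added under `# anti ddos` cannot take effect, because the INPUT chain already has `iptables -A INPUT -p icmp -j ACCEPT` under `# icmp ping` (visible as context in the first hunk). Rules are appended in script order, so every ICMP packet is accepted by that earlier rule before it reaches this one. A `-m limit ... -j ACCEPT` rule also only stops matching once the rate is exceeded; the excess is dropped only by a later rule or the chain policy, and neither is visible in this hunk. I would remove the unconditional accept and pair the limit with an explicit drop: `iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 10 -j ACCEPT` followed by `iptables -A INPUT -p icmp --icmp-type echo-request -j DROP`. ICMP error messages for existing flows would then need a RELATED accept that is not restricted to tcp or udp.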