If you need help, post your question here.
To relieve the developers a bit, other users can help here too.
#6253
After being DDoSed for several days I have installed the CSF firewall. I have opened a port range for the bots' web interface, but sadly now all the bots will not play Shoutcast stations nor YouTube links. I have looked up their domain names and already tried just adding their real IP to the allow section in CSF; it still doesn't work. If I disable the firewall everything goes right back to normal and works as it has for the last year or so. Any information on this would be great.
#6254
Did some searching for you.

Have you got the following ports open.

Youtube:
Typical ports that should be open for RTMP streaming would be 80 and 1935.

Shoutcast:
TCP only to 8000 and 8001

I hope this helps you some, I know a bit about CSF but don't use it much anymore.
#6255
Andrew Bailey wrote:Did some searching for you.

Have you got the following ports open.

Youtube:
Typical ports that should be open for RTMP streaming would be 80 and 1935.

Shoutcast:
TCP only to 8000 and 8001

I hope this helps you some, I know a bit about CSF but don't use it much anymore.
Sadly I have opened up these ports already and it hasn't fixed the issue. It really is frustrating; all other features work.
#6259
Shadow86 wrote:hm...

youtube also uses https so i think maybe also port 443 should be open? (Only an idea not sure about it)

greetings

Shadow86
I have done this as well, and I have even opened outbound for 9987 in case it was blocking it. I have tried all kinds of things, even permanently allowed the IPs of Shoutcast and YouTube.
By Shadow86
#6427
Hey,

I didn't forget you; over the last months I looked at other systems to see if they have similar issues.

The one and only problem regarding the "YouTube issue" I saw was on some servers that automatically drop connections on outgoing traffic.

So for example, if iptables looks like this (I know you use CSF, but maybe you have a similar option):
#Defaults
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
then it mostly happens that YouTube/streams don't work, but if it looks like this
#Defaults
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
all runs fine.

Maybe that helps you in any way

greetings

Shadow86
#6428
ATM I don't know where to begin

Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- !lo * 75.75.75.75 0.0.0.0/0 tcp dpt:53
2 0 0 ACCEPT udp -- !lo * 75.75.75.75 0.0.0.0/0 udp dpt:53
3 0 0 ACCEPT tcp -- !lo * 75.75.75.75 0.0.0.0/0 tcp spt:53
4 0 0 ACCEPT udp -- !lo * 75.75.75.75 0.0.0.0/0 udp spt:53
5 0 0 ACCEPT tcp -- !lo * 75.75.76.76 0.0.0.0/0 tcp dpt:53
6 0 0 ACCEPT udp -- !lo * 75.75.76.76 0.0.0.0/0 udp dpt:53
7 0 0 ACCEPT tcp -- !lo * 75.75.76.76 0.0.0.0/0 tcp spt:53
8 2 174 ACCEPT udp -- !lo * 75.75.76.76 0.0.0.0/0 udp spt:53
9 1192 201K LOCALINPUT all -- !lo * 0.0.0.0/0 0.0.0.0/0
10 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
11 1 44 SYNFLOOD tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x02
12 261 17112 ACCEPT all -- !lo * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
13 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20
14 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
15 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
16 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
17 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
18 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
19 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
20 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
21 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
22 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:465
23 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:587
24 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993
25 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995
26 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10011
27 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:30033
28 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:41144
29 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080
30 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:8887:8899
31 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:12320:12321
32 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2008
33 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:8000:8004
34 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:1935
35 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9987
36 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:20
37 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:21
38 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
39 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:9987
40 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:2010
41 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpts:8887:8899
42 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:80
43 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:443
44 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpts:8000:8004
45 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:1935
46 0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 8
47 0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 0
48 0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 11
49 0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 3
50 2 80 LOGDROPIN all -- !lo * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 75.75.75.75 tcp dpt:53
2 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 75.75.75.75 udp dpt:53
3 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 75.75.75.75 tcp spt:53
4 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 75.75.75.75 udp spt:53
5 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 75.75.76.76 tcp dpt:53
6 2 142 ACCEPT udp -- * !lo 0.0.0.0/0 75.75.76.76 udp dpt:53
7 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 75.75.76.76 tcp spt:53
8 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 75.75.76.76 udp spt:53
9 1330 377K LOCALOUTPUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
10 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
11 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp dpt:53
12 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp spt:53
13 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp spt:53
14 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
15 262 16098 ACCEPT all -- * !lo 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
16 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20
17 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
18 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
19 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
20 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
21 2 120 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
22 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
23 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:113
24 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
25 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:587
26 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993
27 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995
28 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:8887:8899
29 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2008
30 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:8000:8004
31 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:1935
32 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9987
33 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:20
34 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:21
35 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
36 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:113
37 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123
38 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpts:2011:2110
39 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:2010
40 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpts:8887:8899
41 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:80
42 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:443
43 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpts:8000:8004
44 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:1935
45 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:9987
46 0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmptype 0
47 0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmptype 8
48 0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmptype 11
49 0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmptype 3
50 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0

Chain ALLOWIN (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- !lo * 216.239.38.10 0.0.0.0/0
2 0 0 ACCEPT all -- !lo * 216.239.36.10 0.0.0.0/0
3 0 0 ACCEPT all -- !lo * 216.239.34.10 0.0.0.0/0
4 0 0 ACCEPT all -- !lo * 216.239.32.10 0.0.0.0/0
5 0 0 ACCEPT all -- !lo * 173.194.33.129 0.0.0.0/0
6 0 0 ACCEPT all -- !lo * 24.3.14.190 0.0.0.0/0
7 715 166K ACCEPT all -- !lo * 192.99.7.200 0.0.0.0/0
8 217 18012 ACCEPT all -- !lo * 10.0.0.2 0.0.0.0/0

Chain ALLOWOUT (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- * !lo 0.0.0.0/0 216.239.38.10
2 0 0 ACCEPT all -- * !lo 0.0.0.0/0 216.239.36.10
3 0 0 ACCEPT all -- * !lo 0.0.0.0/0 216.239.34.10
4 0 0 ACCEPT all -- * !lo 0.0.0.0/0 216.239.32.10
5 0 0 ACCEPT all -- * !lo 0.0.0.0/0 173.194.33.129
6 0 0 ACCEPT all -- * !lo 0.0.0.0/0 24.3.14.190
7 714 34220 ACCEPT all -- * !lo 0.0.0.0/0 192.99.7.200
8 357 330K ACCEPT all -- * !lo 0.0.0.0/0 10.0.0.2

Chain DENYIN (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- !lo * 75.86.194.75 0.0.0.0/0
2 0 0 DROP all -- !lo * 43.229.53.31 0.0.0.0/0
3 0 0 DROP all -- !lo * 45.114.11.37 0.0.0.0/0
4 0 0 DROP all -- !lo * 113.116.63.9 0.0.0.0/0
5 0 0 DROP all -- !lo * 58.218.211.166 0.0.0.0/0

Chain DENYOUT (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 75.86.194.75
2 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 43.229.53.31
3 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 45.114.11.37
4 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 113.116.63.9
5 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 58.218.211.166

Chain LOCALINPUT (1 references)
num pkts bytes target prot opt in out source destination
1 1192 201K ALLOWIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
2 260 17071 DENYIN all -- !lo * 0.0.0.0/0 0.0.0.0/0

Chain LOCALOUTPUT (1 references)
num pkts bytes target prot opt in out source destination
1 1330 377K ALLOWOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
2 259 12907 DENYOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0

Chain LOGDROPIN (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
2 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
3 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:68
4 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
5 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
6 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
7 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
8 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:113
9 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
10 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
11 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
12 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
13 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:500
14 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
15 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
16 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:513
17 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
18 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
19 1 44 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
20 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
21 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
22 2 80 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain LOGDROPOUT (6 references)
num pkts bytes target prot opt in out source destination
1 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
2 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
3 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
4 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain SYNFLOOD (1 references)
num pkts bytes target prot opt in out source destination
1 1 44 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 100/sec burst 150
2 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *SYNFLOOD Blocked* "
3 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain PREROUTING (policy ACCEPT 10 packets, 689 bytes)
num pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 9 packets, 645 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 4 packets, 262 bytes)
num pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 4 packets, 262 bytes)
num pkts bytes target prot opt in out source destination


ip6tables:

Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 25 3600 LOCALINPUT all !lo * ::/0 ::/0
2 0 0 ACCEPT all lo * ::/0 ::/0
3 0 0 SYNFLOOD tcp !lo * ::/0 ::/0 tcpflags: 0x17/0x02
4 0 0 ACCEPT all !lo * ::/0 ::/0 state RELATED,ESTABLISHED
5 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpt:20
6 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpt:21
7 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpt:22
8 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpt:25
9 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpt:53
10 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpt:80
11 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpt:110
12 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpt:143
13 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpt:443
14 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpt:465
15 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpt:587
16 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpt:993
17 0 0 ACCEPT tcp !lo * ::/0 ::/0 state NEW tcp dpt:995
18 0 0 ACCEPT udp !lo * ::/0 ::/0 state NEW udp dpt:20
19 0 0 ACCEPT udp !lo * ::/0 ::/0 state NEW udp dpt:21
20 0 0 ACCEPT udp !lo * ::/0 ::/0 state NEW udp dpt:53
21 25 3600 ACCEPT icmpv6 !lo * ::/0 ::/0
22 0 0 LOGDROPIN all !lo * ::/0 ::/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 LOCALOUTPUT all * !lo ::/0 ::/0
2 0 0 ACCEPT tcp * !lo ::/0 ::/0 tcp dpt:53
3 0 0 ACCEPT udp * !lo ::/0 ::/0 udp dpt:53
4 0 0 ACCEPT tcp * !lo ::/0 ::/0 tcp spt:53
5 0 0 ACCEPT udp * !lo ::/0 ::/0 udp spt:53
6 0 0 ACCEPT all * lo ::/0 ::/0
7 0 0 ACCEPT all * !lo ::/0 ::/0 state RELATED,ESTABLISHED
8 0 0 ACCEPT tcp * !lo ::/0 ::/0 state NEW tcp dpt:20
9 0 0 ACCEPT tcp * !lo ::/0 ::/0 state NEW tcp dpt:21
10 0 0 ACCEPT tcp * !lo ::/0 ::/0 state NEW tcp dpt:22
11 0 0 ACCEPT tcp * !lo ::/0 ::/0 state NEW tcp dpt:25
12 0 0 ACCEPT tcp * !lo ::/0 ::/0 state NEW tcp dpt:53
13 0 0 ACCEPT tcp * !lo ::/0 ::/0 state NEW tcp dpt:80
14 0 0 ACCEPT tcp * !lo ::/0 ::/0 state NEW tcp dpt:110
15 0 0 ACCEPT tcp * !lo ::/0 ::/0 state NEW tcp dpt:113
16 0 0 ACCEPT tcp * !lo ::/0 ::/0 state NEW tcp dpt:443
17 0 0 ACCEPT tcp * !lo ::/0 ::/0 state NEW tcp dpt:587
18 0 0 ACCEPT tcp * !lo ::/0 ::/0 state NEW tcp dpt:993
19 0 0 ACCEPT tcp * !lo ::/0 ::/0 state NEW tcp dpt:995
20 0 0 ACCEPT udp * !lo ::/0 ::/0 state NEW udp dpt:20
21 0 0 ACCEPT udp * !lo ::/0 ::/0 state NEW udp dpt:21
22 0 0 ACCEPT udp * !lo ::/0 ::/0 state NEW udp dpt:53
23 0 0 ACCEPT udp * !lo ::/0 ::/0 state NEW udp dpt:113
24 0 0 ACCEPT udp * !lo ::/0 ::/0 state NEW udp dpt:123
25 0 0 ACCEPT icmpv6 * !lo ::/0 ::/0
26 0 0 LOGDROPOUT all * !lo ::/0 ::/0

Chain ALLOWIN (1 references)
num pkts bytes target prot opt in out source destination

Chain ALLOWOUT (1 references)
num pkts bytes target prot opt in out source destination

Chain DENYIN (1 references)
num pkts bytes target prot opt in out source destination

Chain DENYOUT (1 references)
num pkts bytes target prot opt in out source destination

Chain LOCALINPUT (1 references)
num pkts bytes target prot opt in out source destination
1 25 3600 ALLOWIN all !lo * ::/0 ::/0
2 25 3600 DENYIN all !lo * ::/0 ::/0

Chain LOCALOUTPUT (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ALLOWOUT all * !lo ::/0 ::/0
2 0 0 DENYOUT all * !lo ::/0 ::/0

Chain LOGDROPIN (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP tcp * * ::/0 ::/0 tcp dpt:67
2 0 0 DROP udp * * ::/0 ::/0 udp dpt:67
3 0 0 DROP tcp * * ::/0 ::/0 tcp dpt:68
4 0 0 DROP udp * * ::/0 ::/0 udp dpt:68
5 0 0 DROP tcp * * ::/0 ::/0 tcp dpt:111
6 0 0 DROP udp * * ::/0 ::/0 udp dpt:111
7 0 0 DROP tcp * * ::/0 ::/0 tcp dpt:113
8 0 0 DROP udp * * ::/0 ::/0 udp dpt:113
9 0 0 DROP tcp * * ::/0 ::/0 tcp dpts:135:139
10 0 0 DROP udp * * ::/0 ::/0 udp dpts:135:139
11 0 0 DROP tcp * * ::/0 ::/0 tcp dpt:445
12 0 0 DROP udp * * ::/0 ::/0 udp dpt:445
13 0 0 DROP tcp * * ::/0 ::/0 tcp dpt:500
14 0 0 DROP udp * * ::/0 ::/0 udp dpt:500
15 0 0 DROP tcp * * ::/0 ::/0 tcp dpt:513
16 0 0 DROP udp * * ::/0 ::/0 udp dpt:513
17 0 0 DROP tcp * * ::/0 ::/0 tcp dpt:520
18 0 0 DROP udp * * ::/0 ::/0 udp dpt:520
19 0 0 LOG tcp * * ::/0 ::/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP6IN Blocked* "
20 0 0 LOG udp * * ::/0 ::/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP6IN Blocked* "
21 0 0 LOG icmpv6 * * ::/0 ::/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP6IN Blocked* "
22 0 0 DROP all * * ::/0 ::/0

Chain LOGDROPOUT (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 LOG tcp * * ::/0 ::/0 tcpflags: 0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP6OUT Blocked* "
2 0 0 LOG udp * * ::/0 ::/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP6OUT Blocked* "
3 0 0 LOG icmpv6 * * ::/0 ::/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP6OUT Blocked* "
4 0 0 DROP all * * ::/0 ::/0

Chain SYNFLOOD (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 RETURN all * * ::/0 ::/0 limit: avg 100/sec burst 150
2 0 0 LOG all * * ::/0 ::/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *SYNFLOOD Blocked* "
3 0 0 DROP all * * ::/0 ::/0
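
The outgoing-policy question raised in #6427 can be checked directly against a listing in the column layout posted above. The following is an added example, not part of the original posts: it walks the first OUTPUT chain, follows jumps into user-defined chains, and reports what happens to a new outbound TCP connection to a given port. The function names and the shortened sample listing are constructed for illustration; rules bound to a specific source or destination address are skipped because the stream's address is not known here.

```sh
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Constructed sample in the same column layout as the listing above.
sample_listing() {
cat <<'EOF'
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 LOCALOUTPUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
2 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp dpt:53
3 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
4 0 0 ACCEPT all -- * !lo 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
6 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:8000:8004
7 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0

Chain LOCALOUTPUT (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- * !lo 0.0.0.0/0 192.0.2.10

Chain LOGDROPOUT (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
2 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
EOF
}

# Print the default policy of the first OUTPUT chain in a listing on stdin.
output_policy() {
    awk '$1 == "Chain" && $2 == "OUTPUT" && $3 == "(policy" { print $4; exit }'
}

# Usage: outbound_tcp_verdict PORT < listing
# Prints ACCEPT, DROP or REJECT for a NEW outbound TCP connection to PORT
# leaving through a non-loopback interface (IPv4 layout with an "opt" column).
outbound_tcp_verdict() {
    awk -v port="$1" '
    BEGIN { port += 0 }
    $1 == "Chain" {                    # keep only the first definition of a chain
        cur = ($2 in seen) ? "" : $2
        seen[$2] = 1
        if (cur != "" && $3 == "(policy") policy[cur] = $4
        next
    }
    cur != "" && $1 ~ /^[0-9]+$/ { rule[cur, ++count[cur]] = $0 }

    function verdict(chain, depth,    i, k, n, f, r, ok, v) {
        if (depth > 16) return ""      # guard against jump loops
        for (i = 1; i <= count[chain]; i++) {
            n = split(rule[chain, i], f, " ")
            ok = (f[5] == "tcp" || f[5] == "all") && f[8] != "lo"
            ok = ok && f[9] == "0.0.0.0/0" && f[10] == "0.0.0.0/0"
            for (k = 11; ok && k <= n; k++) {
                if (f[k] ~ /^spts?:/) ok = 0
                else if (f[k] ~ /^dpt:/) ok = (substr(f[k], 5) + 0 == port)
                else if (f[k] ~ /^dpts:/) {
                    split(f[k], r, ":")
                    ok = (port >= r[2] + 0 && port <= r[3] + 0)
                }
                else if (f[k] == "state") ok = (index(f[k + 1], "NEW") > 0)
            }
            if (!ok || f[4] == "LOG") continue      # LOG never ends traversal
            if (f[4] == "ACCEPT" || f[4] == "DROP" || f[4] == "REJECT") return f[4]
            if (f[4] == "RETURN") return ""
            if (f[4] in count) {                    # jump into a user-defined chain
                v = verdict(f[4], depth + 1)
                if (v != "") return v
            }
        }
        return ""                                   # fell off the end of the chain
    }
    END { v = verdict("OUTPUT", 0); print (v != "" ? v : policy["OUTPUT"]) }'
}

for p in 443 8002 8010; do
    printf 'new outbound tcp/%s -> %s\n' "$p" "$(sample_listing | outbound_tcp_verdict "$p")"
done
```

To run it against a live ruleset, pipe the saved listing into `outbound_tcp_verdict` with the port the stream URL uses.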
By Shadow86
#6429
You can try it with this iptables setup; I think it's simple and easy to edit:


If you have already blacklisted IPs, after this command you can add them to this list:
Code: Select all
touch /usr/local/etc/blacklist.txt

Same with the whitelist (the IPs in it are always allowed):
Code: Select all
touch /usr/local/etc/whitelist.txt
Then create a file for the script:
Code: Select all
touch /etc/init.d/firewall
This file needs to be executable:
Code: Select all
chmod +x /etc/init.d/firewall
Now edit the script with:
Code: Select all
nano /etc/init.d/firewall
If you now edit this file, be sure that your SSH port is in IN_ALLOWED_TCP="" and OUT_ALLOWED_TCP="", and of course all your necessary services.

Fail2ban is integrated in this script; I commented it out, because I just wanted to share the iptables part, as a fast solution for YouTube/stream issues.

script:
Code: Select all
#!/bin/sh
### BEGIN INIT INFO
# Provides:          custom firewall
# Required-Start:    $remote_fs $syslog $network
# Required-Stop:     $remote_fs $syslog $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: firewall initscript
# Description:       Custom Firewall, placed in /etc/init.d.
#                    script written by Gargi 2009 http://www.gargi.org
### END INIT INFO

#needed modules
modprobe ip_conntrack_ftp

BLACKLIST=/usr/local/etc/blacklist.txt
WHITELIST=/usr/local/etc/whitelist.txt

#PORTDESCRIPTION
#21:FTP 22:SSH 25:SMTP 53:DNS 80:HTTP 443:HTTPS 123:NTP 2000:TS3MB 2010:TS3MB2 2020:TS3MB3

#trigger for your ports
IN_ALLOWED_TCP="21 22 25 53 80 443"
OUT_ALLOWED_TCP="21 22 25 53 80 443" 
IN_ALLOWED_UDP="53 123"
OUT_ALLOWED_UDP="53 123"
# ICMP entries are type names or numbers (e.g. "echo-request"), not ports
IN_ALLOWED_ICMP=" "
OUT_ALLOWED_ICMP=" "

case "$1" in
   start)

      # Stopping IP trap
      #/etc/init.d/fail2ban stop
      #echo "Stopping fail2ban IP trap ..."

      # Clear iptables
      iptables -F

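      #Defaults
      # OUTPUT is ACCEPT, so outbound traffic is not filtered and the
      # OUT_ALLOWED_* rules further down are redundant with this policy.
      iptables -P INPUT DROP
      iptables -P OUTPUT ACCEPT
      iptables -P FORWARD DROP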

      # loopback communication
      iptables -A INPUT -i lo -j ACCEPT
      iptables -A OUTPUT -o lo -j ACCEPT

      # persist on connections
      iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

      # Ban blacklisted IPs (first column of every non-comment line)
      for x in $(grep -v '^#' "$BLACKLIST" | awk '{print $1}'); do
        echo "Blocking $x..."
        iptables -A INPUT -t filter -s "$x" -j DROP
      done

      # Allow whitelisted IPs (first column of every non-comment line)
      for x in $(grep -v '^#' "$WHITELIST" | awk '{print $1}'); do
        echo "Allowing $x..."
        iptables -A INPUT -t filter -s "$x" -j ACCEPT
      done

      # TCP rules in
      for port in $IN_ALLOWED_TCP; do
        echo "Accepting TCP port $port"
        iptables -A INPUT -t filter -p tcp --dport $port -j ACCEPT
      done

      # TCP rules out
      for port in $OUT_ALLOWED_TCP; do
        echo "Allowing sending over TCP port $port"
        iptables -A OUTPUT -t filter -p tcp --dport $port -j ACCEPT
      done

      # UDP rules in
      for port in $IN_ALLOWED_UDP; do
        echo "Accepting UDP  port $port"
        iptables -A INPUT -t filter -p udp --dport $port -j ACCEPT
      done

      # UDP  rules out
      for port in $OUT_ALLOWED_UDP; do
        echo "Allowing sending over UDP port $port"
        iptables -A OUTPUT -t filter -p udp --dport $port -j ACCEPT
      done

      # ICMP rules in (ICMP has types, not ports, so match with --icmp-type)
      for type in $IN_ALLOWED_ICMP; do
        echo "Accepting ICMP type $type"
        iptables -A INPUT -t filter -p icmp --icmp-type "$type" -j ACCEPT
      done

      # ICMP rules out
      for type in $OUT_ALLOWED_ICMP; do
        echo "Allowing sending of ICMP type $type"
        iptables -A OUTPUT -t filter -p icmp --icmp-type "$type" -j ACCEPT
      done

      # Dropping startup requests
      iptables -A INPUT -t filter -p tcp --syn -j DROP

      # Restarting IP trap
      #/etc/init.d/fail2ban start
      echo "Fire up IP trap again ..."
      ;;
   stop)
      #/etc/init.d/fail2ban stop
      iptables -F
      iptables -P INPUT ACCEPT
      iptables -P OUTPUT ACCEPT
      echo "Warning! Firewall is stopped, server is unprotected now!"
      ;;
   restart)
      $0 stop
      sleep 1
      $0 start
      ;;
      *)
      echo "Usage $0 {start|stop|restart}"
      ;;
esac
If you're done with it, test it with a restart of iptables.
Code: Select all
/etc/init.d/firewall restart
Now if all runs as you wish, add it to the runlevels.

I decided to do it this way; the problem here is... if you lock yourself out [for example, you forgot to set your important ports], you can't reach your system anymore.
With my solution you can just reboot and the settings don't get loaded, and you can correct the wrong things.


Adding iptables to the runlevels:
With this setup iptables always gets loaded, also if you reboot your system.


Code: Select all
cd /etc/init.d
Code: Select all
update-rc.d firewall defaults
In future, if you want to change something on the firewall:

edit with:
Code: Select all
nano /etc/init.d/firewall
and after that, it always needs a restart:
Code: Select all
/etc/init.d/firewall restart
