Hi. Recently I created a firewall for my server. The firewall looks like this:

Code:
#!/bin/bash
IPTABLES=/sbin/iptables

$IPTABLES -F
$IPTABLES -t mangle -F

$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP

$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#loopback
$IPTABLES -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
$IPTABLES -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

#Ping
$IPTABLES -A INPUT -p icmp --icmp-type 8 -j ACCEPT
$IPTABLES -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
$IPTABLES -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT

#DNS
$IPTABLES -A INPUT -p udp --sport 53 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 53 -j ACCEPT

$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix "NMAP-XMAS SCAN:" --log-tcp-options --log-ip-options --log-level debug
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "NMAP-NULL SCAN:" --log-tcp-options --log-ip-options --log-level debug
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "SYN/RST SCAN:" --log-tcp-options --log-ip-options --log-level debug
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "SYN/FIN SCAN:" --log-tcp-options --log-ip-options --log-level debug
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

#HTTP
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --sport 80 -j ACCEPT

#HTTPS
$IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --sport 443 -j ACCEPT

#SSH
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --sport 22 -j ACCEPT

#FTP
$IPTABLES -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 20:21 -j ACCEPT

#Team Speak
##Voice
$IPTABLES -A INPUT -p udp --dport 9987 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --sport 9987 -j ACCEPT
##Server query
$IPTABLES -A INPUT -p tcp --dport 10011 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --sport 10011 -j ACCEPT
##Filetransfer
$IPTABLES -A INPUT -p tcp --dport 30033 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --sport 30033 -j ACCEPT

#Bukkit
$IPTABLES -A INPUT -p tcp --dport 25565 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --sport 25565 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 25565 -j ACCEPT
##Dynmap
$IPTABLES -A INPUT -p tcp --dport 8123 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --sport 8123 -j ACCEPT

All other servers (TS, www, mysql) work great. But Bukkit tells me on the console "Too to long login", but when I disable the firewall I can log in. What's the problem? What does your firewall script look like?

Sorry for this horrible text, but my English isn't good.

Bukkit runs on tcp6. I think tcp and tcp6 are not the same. How can I allow a tcp6 port?

EDIT by Moderator: merged posts, please use the edit button instead of double posting.
Unless you've missed rules from the above, it'll never work. Your server needs to be able to connect to minecraft.net (specifically session.minecraft.net) to authenticate connecting players. I believe this is done over HTTPS (port 443). There are certainly other ports you may want to open too, for example, if you run craftbukkituptodate then it will need to query this site to see if it's up to date, some plugins also do lookups to see if they are up to date etc etc. Finally, tcp6 is for IPv6; there is no reason you would need that unless you wanted to run on an IPv6 address. If you don't know what that means, you don't need it.
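An added example, not part of the thread or anyone's posted script: a small first-match evaluator that walks a subset of the first post's OUTPUT rules and shows that a new outbound connection to tcp/443 hits the DROP policy, since the posted rules only match `--sport 443`. The names `egress_allowed`, `in_range`, `POSTED_RULES`, `FIXED_RULES` and the ephemeral source port 40000 are assumptions made for illustration.

```sh
# Constructed sample: a subset of the first post's OUTPUT rules, in `iptables -S` form.
POSTED_RULES='-P OUTPUT DROP
-A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --sport 443 -j ACCEPT
-A OUTPUT -p tcp --dport 20:21 -j ACCEPT
-A OUTPUT -p tcp --sport 25565 -j ACCEPT
-A OUTPUT -p udp --dport 25565 -j ACCEPT'
# Same rules plus outbound HTTPS, the port the reply names for the session server.
FIXED_RULES="$POSTED_RULES
-A OUTPUT -p tcp --dport 443 -j ACCEPT"
# in_range PORT SPEC: SPEC is "N" or "LOW:HIGH", as --dport/--sport accept.
in_range() {
    lo=${2%%:*} hi=${2##*:}
    [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]
}
# egress_allowed RULES PROTO DPORT: status 0 if a NEW packet from this host to a
# remote PROTO/DPORT passes the OUTPUT chain in RULES (first matching rule wins).
egress_allowed() {
    rules=$1 proto=$2 dport=$3
    sport=40000 policy=ACCEPT   # assumed ephemeral source port; built-in default policy
    while IFS= read -r line; do
        set -- $line
        case "$1 $2" in
            "-P OUTPUT") policy=$3; continue ;;
            "-A OUTPUT") shift 2 ;;
            *) continue ;;
        esac
        match=1 target=
        while [ $# -gt 0 ]; do
            case $1 in
                -p) [ "$2" = "$proto" ] || match=0; shift 2 ;;
                --dport) in_range "$dport" "$2" || match=0; shift 2 ;;
                --sport) in_range "$sport" "$2" || match=0; shift 2 ;;
                -s|-d) case $2 in 127.*) match=0 ;; esac; shift 2 ;;  # loopback never matches remote traffic
                --state) case ",$2," in *,NEW,*) ;; *) match=0 ;; esac; shift 2 ;;
                -j) target=$2; shift 2 ;;
                *) shift ;;
            esac
        done
        if [ "$match" = 1 ]; then [ "$target" = ACCEPT ] && return 0; return 1; fi
    done <<EOF
$rules
EOF
    [ "$policy" = ACCEPT ] && return 0; return 1
}

egress_allowed "$POSTED_RULES" tcp 443 || echo "posted rules: new outbound tcp/443 is dropped"
```

Return traffic for the outbound connection is already covered by the INPUT `ESTABLISHED,RELATED` rule in the posted script, so only the OUTPUT side needs the extra rule.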
When I block some Chinese IPs for attempts to hack with SSH and DDoS... the port for Dynmap blocks itself..