From 1fc25c760d5718b69bfefefa9cd9c5b57856561f Mon Sep 17 00:00:00 2001
From: Edwin Lyon <53972157+practical-engelbart@users.noreply.github.com>
Date: Sun, 25 Oct 2020 12:19:19 -0700
Subject: [PATCH] Update rules6.conf

---
 iptables/rules6.conf | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/iptables/rules6.conf b/iptables/rules6.conf
index b3e897e..12fa596 100644
--- a/iptables/rules6.conf
+++ b/iptables/rules6.conf
@@ -12,23 +12,22 @@
 -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 5/sec -j ACCEPT
 -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 5/sec -j ACCEPT
 -A INPUT -m conntrack --ctstate INVALID -j DROP
--A INPUT -i ens3 -m conntrack --ctstate NEW -p tcp -m multiport --dports 80,443,8448 -j ACCEPT
--A INPUT -i ens3 -m conntrack --ctstate NEW -p udp -m multiport --dports 51820:51821 -j ACCEPT
 -A INPUT -j FILTERS
 -A INPUT -j REJECT
 -A OUTPUT -o lo -j ACCEPT
 -A OUTPUT -o ens3 -j ACCEPT
 -A DOCKER-USER -i ens3 -j FILTERS
 -A FILTERS -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--A FILTERS -m conntrack --ctstate NEW -p tcp --dport 25 -j ACCEPT
--A FILTERS -m conntrack --ctstate NEW -p tcp --dport 80 -j ACCEPT
--A FILTERS -m conntrack --ctstate NEW -p tcp --dport 110 -j ACCEPT
--A FILTERS -m conntrack --ctstate NEW -p tcp --dport 143 -j ACCEPT
--A FILTERS -m conntrack --ctstate NEW -p tcp --dport 443 -j ACCEPT
--A FILTERS -m conntrack --ctstate NEW -p tcp --dport 465 -j ACCEPT
--A FILTERS -m conntrack --ctstate NEW -p tcp --dport 587 -j ACCEPT
--A FILTERS -m conntrack --ctstate NEW -p tcp --dport 993 -j ACCEPT
--A FILTERS -m conntrack --ctstate NEW -p tcp --dport 995 -j ACCEPT
--A FILTERS -m conntrack --ctstate NEW -p tcp --dport 4190 -j ACCEPT
+-A FILTERS -m conntrack --ctstate NEW -p tcp --syn --dport 25 -j ACCEPT
+-A FILTERS -m conntrack --ctstate NEW -p tcp --syn --dport 80 -j ACCEPT
+-A FILTERS -m conntrack --ctstate NEW -p tcp --syn --dport 110 -j ACCEPT
+-A FILTERS -m conntrack --ctstate NEW -p tcp --syn --dport 143 -j ACCEPT
+-A FILTERS -m conntrack --ctstate NEW -p tcp --syn --dport 443 -j ACCEPT
+-A FILTERS -m conntrack --ctstate NEW -p tcp --syn --dport 465 -j ACCEPT
+-A FILTERS -m conntrack --ctstate NEW -p tcp --syn --dport 587 -j ACCEPT
+-A FILTERS -m conntrack --ctstate NEW -p tcp --syn --dport 993 -j ACCEPT
+-A FILTERS -m conntrack --ctstate NEW -p tcp --syn --dport 995 -j ACCEPT
+-A FILTERS -m conntrack --ctstate NEW -p tcp --syn --dport 4190 -j ACCEPT
 -A FILTERS -m conntrack --ctstate INVALID -j DROP
+-A FILTERS -j REJECT
 COMMIT
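Review bot: The added `-A FILTERS -j REJECT` makes FILTERS a terminating chain, which changes the meaning of the two callers visible in context: `-A INPUT -j REJECT` becomes unreachable (harmless, but dead), and `-A DOCKER-USER -i ens3 -j FILTERS` now rejects every forwarded packet that does not match the listed TCP ports before Docker's own chains see it, so any container-published port outside that list stops being reachable from ens3. Together with the removed INPUT rules, nothing on the new side accepts TCP 8448 or UDP 51820:51821 anymore, and FILTERS contains only `-p tcp` matches, so if those services are still meant to be reachable they need explicit FILTERS entries such as `-A FILTERS -m conntrack --ctstate NEW -p udp -m multiport --dports 51820:51821 -j ACCEPT`; if the removal is deliberate, the commit message should say so. A one-line comment above the new rule, e.g. `# FILTERS is terminal: traffic from INPUT and DOCKER-USER not accepted above is rejected here`, would make the intent explicit for the next editor.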