Linux firewallrules (iptables)

I recently found my way to Lbry, amazing!

What firewall rules should I have?
I’m basing my firewall on a iptables script.

I’ve visited this site:
but it doesn’t say if port 50001 is UDP or TCP.

These are my firewall rules (I’m just guessing), do they seem correct or do I have to change them somehow?

Default policies

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

Connection tracking

iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Allow 3 way handshake

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Output rules

iptables -A OUTPUT -p tcp --dport 3333 -j ACCEPT
iptables -A OUTPUT -p udp --dport 4444 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 50001 -j ACCEPT

Do I have to open up any INPUT ports considering I have enabled 3-way handshakes?

​Your iptables rules might not be correct as you need to have both inbound and outbound rules set.


  • ​3333 TCP
  • 4444 UDP

​Usually you might want to use an open policy for this, however if you prefer to have a BLOCK policy you’ll have to open up these ports (and I might be forgetting some):

  • 80 TCP
  • 443 TCP
  • 50001​ TCP
  • 5566 TCP
  • 5567 TCP
  • 4444 UDP

​Let me know if that works for you.

1 Like