[!] -p, --protocol protocol
The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, udplite, icmp, esp, ah, sctp or the special keyword "all", or it can be a numeric value, representing one of these
protocols or a different one. A protocol name from /etc/protocols is also allowed. A "!" argument before the protocol inverts the test. The number zero is equivalent to all. "all" will match with all protocols and
is taken as default when this option is omitted.
^^ vyhodit -m .. nicmene asi nejlepsi by bylo zjistit pomoci tcpdump co a na jakej port se snazi ten minecraft pouzivat .. potom samozrejme router musi routovat a mit spravne pravidla .. pokud mas prazdne iptables -L tak to asi nebude standardne nastavenej router
ukazu ti treba jedny svoje zakladni iptables, kde je vlastne priklad toho co potrebujes + jak to asi ma v zakladu vypadat
# iptables-save | egrep -v ^#\|218/32
*nat
:PREROUTING ACCEPT [36710:7688842]
:POSTROUTING ACCEPT [578:43164]
:OUTPUT ACCEPT [573:42896]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.68.2:443
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.68.2:80
-A POSTROUTING -s 192.168.68.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [25413:6471673]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 52022 -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -m udp --dport 53194 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 1581 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.68.0/24 -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT