GAME server iptables strategy

The following are the iptables rules currently in use. They are mainly concerned with connections to the game server, and the ports that may be reached are restricted. Because of the Internet cafe users, some of the limit values may be set rather high; an attack is still far heavier than the traffic of normal Internet cafe users, so the rules remain reasonably effective against attacks. If anyone has better rules, I hope you will enlighten me so we can build a more harmonious security :)

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MYNET - [0:0]
# All inbound and forwarded traffic is handed to the MYNET chain
-A INPUT -j MYNET
-A FORWARD -j MYNET
# Loopback, all ICMP and the LAN are accepted unconditionally
-A MYNET -i lo -j ACCEPT
-A MYNET -p icmp --icmp-type any -j ACCEPT
-A MYNET -s 192.168.0.0/16 -j ACCEPT
# Reject a source that already holds more than 50 connections to a game port
-A MYNET -p tcp --dport 30101 -m connlimit --connlimit-above 50 -j REJECT
-A MYNET -p tcp --dport 30102 -m connlimit --connlimit-above 50 -j REJECT
# Rate-limited acceptance of new SYNs (--syn is shorthand for --tcp-flags SYN,RST,ACK SYN,
# so the next two rules match the same packets, each with its own limit bucket) and of RSTs
-A MYNET -p tcp --syn -m limit --limit 15/s --limit-burst 30 -j ACCEPT
-A MYNET -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 15/sec --limit-burst 30 -j ACCEPT
-A MYNET -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 15/s --limit-burst 30 -j ACCEPT
-A MYNET -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# Existing connections, then the permitted service ports
-A MYNET -m state --state ESTABLISHED,RELATED -j ACCEPT
-A MYNET -m state --state NEW -m tcp -p tcp --dport 8989 -j ACCEPT
-A MYNET -m state --state NEW -m tcp -p tcp --dport 30101 -j ACCEPT
-A MYNET -m state --state NEW -m tcp -p tcp --dport 30102 -j ACCEPT
-A MYNET -p udp --dport 161 -j ACCEPT
-A MYNET -p tcp --dport 191 -j ACCEPT
# Everything else is rejected
-A MYNET -j REJECT --reject-with icmp-host-prohibited
COMMIT
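As an added illustration (example code written here, not part of the original post and not a tool the author used), the following Python script models the MYNET chain above with a minimal rule evaluator: it parses the -A lines, simulates the limit module as a token bucket, and reports which rule terminates a constructed packet. Rule positions are zero-based indices into the chain; the source addresses and packet counts are constructed. It makes the ordering effect visible that a practitioner would want to check: the two SYN rate-limit rules only ACCEPT packets that fit within their budget, and SYNs beyond that are not dropped by them but fall through to the later --state NEW --dport 30101 rule, which accepts them anyway, so the limit does not cap SYNs on the game ports. It also shows that the --icmp-type any rule shadows the echo-request 1/s limit. Only the matchers this chain uses are modelled.

```python
"""Minimal evaluator for the MYNET chain (added example, not the post's own tooling)."""
import ipaddress
from dataclasses import dataclass

# Constructed copy of the MYNET chain from the post, used as this example's input.
CHAIN = """
-A MYNET -i lo -j ACCEPT
-A MYNET -p icmp --icmp-type any -j ACCEPT
-A MYNET -s 192.168.0.0/16 -j ACCEPT
-A MYNET -p tcp --dport 30101 -m connlimit --connlimit-above 50 -j REJECT
-A MYNET -p tcp --dport 30102 -m connlimit --connlimit-above 50 -j REJECT
-A MYNET -p tcp --syn -m limit --limit 15/s --limit-burst 30 -j ACCEPT
-A MYNET -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 15/sec --limit-burst 30 -j ACCEPT
-A MYNET -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 15/s --limit-burst 30 -j ACCEPT
-A MYNET -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
-A MYNET -m state --state ESTABLISHED,RELATED -j ACCEPT
-A MYNET -m state --state NEW -m tcp -p tcp --dport 8989 -j ACCEPT
-A MYNET -m state --state NEW -m tcp -p tcp --dport 30101 -j ACCEPT
-A MYNET -m state --state NEW -m tcp -p tcp --dport 30102 -j ACCEPT
-A MYNET -p udp --dport 161 -j ACCEPT
-A MYNET -p tcp --dport 191 -j ACCEPT
-A MYNET -j REJECT --reject-with icmp-host-prohibited
"""

RATE_UNIT = {"s": 1, "sec": 1, "second": 1, "min": 60, "minute": 60, "hour": 3600, "day": 86400}


def rate_per_sec(spec):
    """Convert an iptables limit such as '15/s' or '1/min' to events per second."""
    count, _, unit = spec.partition("/")
    return float(count) / RATE_UNIT[unit or "s"]


@dataclass
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str = "203.0.113.5"        # constructed external source (TEST-NET-3)
    iface: str = "eth0"
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags set on the packet, e.g. {"SYN"}
    icmp_type: str = ""
    state: str = "NEW"              # conntrack state
    conns: int = 0                  # open connections src->dport, for connlimit


@dataclass
class Rule:
    text: str
    target: str
    opts: dict
    tokens: float = 0.0             # limit-module token bucket
    last: float = 0.0               # time of the last bucket update


def parse_rule(line):
    """Parse one '-A MYNET ...' line into a Rule; options not modelled are skipped."""
    toks = line.split()
    opts, target, i = {}, None, 0
    while i < len(toks):
        t = toks[i]
        if t in ("-A", "-m", "--reject-with"):  # chain name, match module, reject type
            i += 2
        elif t == "-j":
            target, i = toks[i + 1], i + 2
        elif t == "--syn":                      # shorthand for --tcp-flags SYN,RST,ACK SYN
            opts["tcp_flags"], i = ({"SYN", "RST", "ACK"}, {"SYN"}), i + 1
        elif t == "--tcp-flags":
            opts["tcp_flags"] = (set(toks[i + 1].split(",")), set(toks[i + 2].split(",")))
            i += 3
        else:
            opts[t], i = toks[i + 1], i + 2
    rule = Rule(line, target, opts)
    if "--limit" in opts:
        rule.tokens = float(opts.get("--limit-burst", 5))  # iptables default burst is 5
    return rule


def load_rules(chain=CHAIN):
    return [parse_rule(line) for line in chain.strip().splitlines()]


def matches(rule, pkt, now):
    o = rule.opts
    if "-i" in o and o["-i"] != pkt.iface:
        return False
    if "-p" in o and o["-p"] != pkt.proto:
        return False
    if "-s" in o and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(o["-s"]):
        return False
    if "--dport" in o and int(o["--dport"]) != pkt.dport:
        return False
    if "tcp_flags" in o:
        mask, comp = o["tcp_flags"]
        if (pkt.flags & mask) != comp:
            return False
    if "--icmp-type" in o and o["--icmp-type"] not in ("any", pkt.icmp_type):
        return False
    if "--state" in o and pkt.state not in o["--state"].split(","):
        return False
    if "--connlimit-above" in o and pkt.conns <= int(o["--connlimit-above"]):
        return False
    if "--limit" in o:
        # Token bucket: refill at the configured rate up to the burst, spend one per match.
        burst = float(o.get("--limit-burst", 5))
        rule.tokens = min(burst, rule.tokens + (now - rule.last) * rate_per_sec(o["--limit"]))
        rule.last = now
        if rule.tokens < 1:
            return False
        rule.tokens -= 1
    return True


def evaluate(rules, pkt, now=0.0):
    """Walk the chain in order; return (target, zero-based index of the terminating rule)."""
    for idx, rule in enumerate(rules):
        if matches(rule, pkt, now):
            return rule.target, idx
    return "RETURN", -1  # chain exhausted; the calling chain's policy applies


def syn_burst_outcome(n=70, dport=30101):
    """Send n SYNs at t=0 from one external host; count verdicts per terminating rule."""
    rules = load_rules()
    hits = {}
    for _ in range(n):
        verdict = evaluate(rules, Packet("tcp", dport=dport, flags=frozenset({"SYN"})))
        hits[verdict] = hits.get(verdict, 0) + 1
    return hits


if __name__ == "__main__":
    rules = load_rules()
    for port in (30101, 12345):
        print(port, syn_burst_outcome(70, port))
    print("echo-request ->", evaluate(rules, Packet("icmp", icmp_type="echo-request")))
```

Running it shows 70 SYNs to port 30101 split as 30 accepted by rule 5, 30 by rule 6 and the remaining 10 by rule 11 (the --state NEW --dport 30101 rule), i.e. every SYN is accepted; the same burst to an unlisted port ends at the final REJECT once both limit buckets are empty. Because --icmp-type any sits at rule 1, an echo-request never reaches the rate-limited rule 8. The model ignores conntrack table growth and the connlimit mask, so it demonstrates rule ordering, not throughput.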

Copyright © Windows knowledge All Rights Reserved