![neorouter port forwarding 32976 neorouter port forwarding 32976](https://www.topconpositioning.com/sites/default/files/styles/totalcare_article_full_image/public/totalcare_article/content_images/nat1_1.jpg)
Iptables -A INPUT -p tcp -dport 21 -m state -state NEW -j ACCEPT #iptables -A INPUT -p tcp -i $OUT -dport 6036 -j ACCEPT Iptables -A INPUT -p tcp -i $IN -m multiport -dport 80,443,10000 -j ACCEPT Iptables -A INPUT -p udp -i $IN -dport 123 -j ACCEPT Iptables -A INPUT -p udp -i $IN -dport 161 -j ACCEPT
![neorouter port forwarding 32976 neorouter port forwarding 32976](https://i.ytimg.com/vi/6x4l2TBVblo/maxresdefault.jpg)
#iptables -A INPUT -p tcp -i $IN -dport 9999 -j ACCEPT Iptables -A INPUT -p udp -i $IN -m multiport -dport 137,138 -j ACCEPT Iptables -A INPUT -p tcp -i $IN -m multiport -dport 139,445 -j ACCEPT #iptables -A INPUT -p udp -dport 1194 -j ACCEPT Iptables -A INPUT -p 139 -i ppp0 -j ACCEPT Iptables -A INPUT -p 139 -i ppp1 -j ACCEPT Iptables -A INPUT -p icmp -i ppp1 -icmp-type echo-request -j ACCEPT Iptables -A INPUT -p icmp -i $OUT -icmp-type echo-request -j ACCEPT Iptables -A INPUT -p icmp -i eth2 -icmp-type echo-request -j ACCEPT Iptables -A INPUT -p icmp -i $IN -icmp-type echo-request -j ACCEPT # Statistics and auths for customers, ping tests Iptables -A INPUT -m state -state ESTABLISHED,RELATED -j ACCEPT # any established or related conns are welcome Iptables -A INPUT -p tcp -tcp-flags ACK,URG URG -j DROP # URG is the only bit set, without the expected accompanying ACK Iptables -A INPUT -p tcp -tcp-flags ACK,PSH PSH -j DROP # PSH is the only bit set, without the expected accompanying ACK
![neorouter port forwarding 32976 neorouter port forwarding 32976](https://technologyrss.com/wp-content/uploads/2018/05/tp-link-router-port-forwarding.png)
Iptables -A INPUT -p tcp -tcp-flags ACK,FIN FIN -j DROP # FIN is the only bit set, without the expected accompanying ACK Iptables -A INPUT -p tcp -tcp-flags FIN,RST FIN,RST -j DROP Iptables -A INPUT -p tcp -tcp-flags SYN,RST SYN,RST -j DROP Iptables -A INPUT -p tcp -tcp-flags SYN,FIN SYN,FIN -j DROP Iptables -A INPUT -p tcp -tcp-flags ALL NONE -j DROP Iptables -A INPUT -p icmp -icmp-type timestamp-request -j DROP Iptables -A INPUT -s $admin_ips -m state -state NEW -j ACCEPT