Applying P2P iptables

iptables is a utility that allows system admins to configure IP packet filtering rules for Linux’s kernel firewall. These rules are organized in separate tables and determine how to treat network packets. Using iptables is highly recommended and shouldn’t be overlooked unless required by your system’s architecture and/or you’re aware of the security implications.


Using iptables is highly recommended. Be aware that Mainsail can implement multiple API endpoints, and you should consider applying the iptables script to each of them.

The iptables Script

The iptables script offers additional protection for Mainsail and Mainsail API nodes by using standard firewall tools to rate-limit certain connections.


  • Parallel/simultaneous P2P connections are restricted to a total of 10 per IP address; this number can be adjusted using the P2P_GLOBAL_CONN script variable.
  • Global connections are limited to 4 NEW connections per 30-second interval.

Script Usage

Command Execution
start bash start
stop bash stop
restart bash restart
status bash status

Running the Script

Download and execute the iptables script using the following commands:

1wget -N

Edit the iptables script an use correct settings.

1nano ./

Enable iptables:

1bash ./ start


Edit the iptables script an review setting.

1nano ./
Option Description
P2P_GLOBAL Provide correct p2p PORT number. Correct setting might be different than default value.
P2P_GLOBAL_CONN Number of connection when the 4 connections per 30 seconds limit is activated.
DOCKER Set to true if docker image is used.

Creating a cron job

Because the filtering initiated by the iptables script does not persist after a system reboot, you should also consider adding the script to a cron job.

  1. edit the crontab file (choose the ‘nano’ editor when prompted):

    1crontab -e
  2. add the following line to the end of the crontab file:

    1@reboot bash ~/ start
  3. save the changes and exit:

    1ctrl + x
    3# press 'y' then 'enter' to confirm
  4. apply the permissions:

    1sudo bash -c "echo \"$USER ALL=(ALL) NOPASSWD:/sbin/p2p-iptables\" >> /etc/sudoers"


Failing to apply permissions will prevent the iptables script from executing after a system reboot.

Last updated 1 month ago
Edit Page