Using hashlimit will certainly cause UDP packets to be erroneously dropped. UDP is stateless, however iptables counters this with the hashlimit module to create a hash based on the header of the packet to try and match it to a 'connection' or a sequence of UDP packets. srcds is UDP based, 130/s will probably cause packets to be dropped.
On Wed, Oct 7, 2015 at 3:49 AM, Левинчук Федор <[email protected]> wrote: > I`m reading iptables man > > *hashlimit* > > it`s limit like -limit key but create different query for each host > for SRCDS it will limit packages for one connection? > > for ex in > > net_channels > - remote IP: 79.105.25.42:27005 > - online: 14:00 > - reliable: available > - latency: 0.1, loss 0.00 > - packets: in 62.8/s, out 64.5/s > - choke: in 0.52, out 0.00 > - flow: in 9.5, out 22.4 kB/s > - total: in 7.7, out 19.8 MB > > NetChannel 'psch': > - remote IP: 94.245.190.164:27005 > - online: 07:16 > - reliable: available > - latency: 0.1, loss 0.00 > - packets: in 128.6/s, out 130.0/s > - choke: in 0.00, out 0.00 > - flow: in 20.6, out 43.5 kB/s > - total: in 8.2, out 19.4 MB > my servers has 128 tiks > > and if I make > > > IPTABLES -A INPUT -p udp --dport 27015:27540 -m state --state NEW -m > hashlimit --hashlimit-mode srcip --hashlimit-upto 130/s -j ACCEPT > IPTABLES -A INPUT -p udp --dport 27015:27540 -j DROP > > it will pass normal players connect and drop if more then 130 packages in > secoond for each? or i mistaking? > > 06.10.2015, 09:34, "Calvin J" <[email protected]>: > > :\ > > sv_max_queries_sec 15 > > On 10/5/2015 7:26 PM, Левинчук Федор wrote: > > ok thx, i`ll bring it to default > description of this cvar is not clear > I tested with sv_max_queries_sec "2.0" at console saw lines of limitations > for my HLSW queries, thought it some kind of protection, and if cvar lower > is better > > Now i thinking maybe there are commands that increase IO operations? like > it was with "sound_test" ? > > > -- > Calvin Judy > Founder & CEO > PH#: (843) 410-8486 > Mail: [email protected] > , > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
