firewall rule could be adjusted to this:
iptables -t nat -A PREROUTING -p udp -d SERVER_IP --dport SERVER_PORT -m string --algo kmp --string 'TSource Engine Query' -m length --length 53 -j REDIRECT --to-port 21015

As for the rate limit... I don't think this is a good idea, because setting
such a limit will make the server disappear from the browser list for legit
clients. And if you have a good connection, you probably will not notice the
traffic increase anyway.


2009/9/6 Ronny Schedel <i...@ronny-schedel.de>

>
> I forgot an important part, your query proxy has still no rate limit. It
> can be used to flood spoofed IP's.
>
>
> > Hi,
> >
> > If you are on the hlds windows mailing list, then you probably already
> > know about A2S_INFO DDOS attacks. I have mistakenly posted a *fix* on the
> > list for *nix servers which I should have posted here.
> >
> > In short:
> > If your server gets ddosed with A2S_INFO packets, it will get really
> > laggy. Setting sv_max_queries_sec to a low value will make the server
> > disappear from the server browser list. I'm providing you with a UDP
> > Caching Proxy which will query the server with A2S_INFO requests not more
> > than once in a five seconds and respond to the client with the cached data.
> >
> > Setup:
> > 1. Get the source from http://www.gign.lv/tmp/querycache.c
> > 2. Compile with gcc querycache.c -o querycache
> > 3. Open a UDP port in the firewall for the proxy server, let's say 21015
> > 4. Make sure you have iptables NAT, REDIRECT and string match support
> > compiled into kernel or as modules
> > 5. execute: iptables -t nat -A PREROUTING -p udp -d YOUR_EXTERNAL_TF2_SERVER_IP --dport YOUR_SERVER_PORT -m string --algo kmp --string 'TSource Engine Query' -j REDIRECT --to-port 21015
> > 6. Run querycache (probably under screen, so you can detach from it)
> >
> > I've been ddosed with about 300req/sec and it works well, however I don't
> > give any warranty that it will work for you.
> > _______________________________________________
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
>
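The following is an added illustration of the caching proxy idea discussed in this thread; it is not the querycache.c from gign.lv and not part of the original mails. It assumes the proxy listens on the REDIRECT target port (21015 in the thread) and queries the real game server over UDP at most once every five seconds, answering everything else from the cached reply. It also shows why the "--length 53" match in the adjusted rule fits: the A2S_INFO request payload is 25 bytes, and a minimal IPv4 header (20) plus UDP header (8) brings the datagram to 53. The simulate_flood function is a constructed offline demo with a fake clock and fake server reply; the names QueryCache, udp_fetcher, serve and simulate_flood are this example's own.

```python
"""Illustrative UDP caching proxy for Source engine A2S_INFO queries.
Added example; not the querycache.c referenced in the thread."""
import socket
import threading
import time

# A2S_INFO request as the server browser sends it: four 0xFF header bytes,
# the 'T' type byte and the NUL-terminated "Source Engine Query" (25 bytes).
A2S_INFO_REQUEST = b"\xff\xff\xff\xff" + b"TSource Engine Query\x00"
IP_UDP_HEADER_LEN = 20 + 8   # minimal IPv4 header plus UDP header


def matches_firewall_rule(payload: bytes) -> bool:
    """Mirror the iptables match from the thread: the string
    'TSource Engine Query' is present and the whole datagram
    (IP + UDP headers + payload) is exactly 53 bytes."""
    return (b"TSource Engine Query" in payload
            and IP_UDP_HEADER_LEN + len(payload) == 53)


class QueryCache:
    """Serve A2S_INFO replies from a cache that is refreshed from the real
    server at most once per `ttl` seconds (five seconds in the thread)."""

    def __init__(self, fetch, ttl=5.0, clock=time.monotonic):
        self._fetch = fetch          # callable(request) -> reply bytes or None
        self._ttl = ttl
        self._clock = clock          # injectable so the demo can fake time
        self._lock = threading.Lock()
        self._reply = None
        self._fetched_at = None
        self.upstream_queries = 0    # how often the real server was asked

    def respond(self, request: bytes):
        """Return the reply for one client datagram, or None to drop it."""
        if request != A2S_INFO_REQUEST:
            return None              # only A2S_INFO is proxied; drop the rest
        with self._lock:
            now = self._clock()
            stale = (self._fetched_at is None
                     or now - self._fetched_at >= self._ttl)
            if stale:
                reply = self._fetch(request)
                if reply is not None:        # on timeout keep the old copy
                    self._reply, self._fetched_at = reply, now
                    self.upstream_queries += 1
            return self._reply


def udp_fetcher(server_addr, timeout=1.0):
    """Build a fetch callable that asks the real game server over UDP."""
    def fetch(request):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(request, server_addr)
            try:
                data, _ = s.recvfrom(4096)
            except socket.timeout:
                return None
            return data
    return fetch


def serve(listen_port, server_addr, ttl=5.0):
    """Listen on the REDIRECT target port and answer clients from the cache.
    Blocking loop; run it under screen as the thread suggests."""
    cache = QueryCache(udp_fetcher(server_addr), ttl=ttl)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", listen_port))
        while True:
            data, client = sock.recvfrom(4096)
            reply = cache.respond(data)
            if reply is not None:
                sock.sendto(reply, client)


def simulate_flood(requests=300, ttl=5.0):
    """Constructed demo: replay `requests` A2S_INFO datagrams inside one
    simulated second and return how many reached the fake upstream server."""
    fake_clock = [0.0]
    fake_reply = b"\xff\xff\xff\xffI\x11constructed reply\x00"
    cache = QueryCache(lambda req: fake_reply, ttl=ttl,
                       clock=lambda: fake_clock[0])
    for i in range(requests):
        fake_clock[0] = i / requests
        assert cache.respond(A2S_INFO_REQUEST) == fake_reply
    return cache.upstream_queries   # 1: the rest were answered from cache
```

A real deployment would call serve(21015, ("127.0.0.1", SERVER_PORT)) behind the REDIRECT rule. Note that since late 2020 Source servers answer A2S_INFO with a challenge first, so a proxy built today has to carry that round trip as well; the 2009 exchange here predates that change.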