I use something more complex:

iptables -N UDPFILTER
iptables -A INPUT -p udp -j UDPFILTER
iptables -A UDPFILTER -j whitelist
iptables -A UDPFILTER -m state --state ESTABLISHED -j ACCEPT
iptables -A UDPFILTER -m state --state NEW -m hashlimit --hashlimit-mode dstip,dstport --hashlimit-name udplimit --hashlimit 300/second -j ACCEPT
iptables -A UDPFILTER -j DROP

In my whitelist are the Steam master server IPs and the entire Valve IP block (via a netmask).

It doesn't affect users once they are connected, and it also doesn't affect HLSS (I had to experiment to find the right rate).

Also, the limit is per source IP and port, not system-wide. Plus, since I have other servers running on other ports, I guess I can also add the length rules too and perhaps limit the chain to specific port ranges (--dport 27000:27999, etc.).

G.

On Sat, Feb 27, 2010 at 2:52 PM, xouk <[email protected]> wrote:
> for linux server use this
> iptables -A INPUT -p udp -m udp --dport 27015 -m length --length 39 -j DROP
> iptables -A INPUT -p udp -m udp --dport 27015 -m length --length 28 -j DROP
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
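
Added example (not part of the original thread, and not kernel code): a simplified integer token-bucket model of the hashlimit match, showing which packets share a bucket under --hashlimit-mode dstip,dstport versus srcip,srcport at 300/second with the default burst of 5. The addresses, ports and traffic are constructed, and only the hashlimit rule for NEW packets is modelled (no whitelist chain, no conntrack state).

```python
# Simplified model of the iptables hashlimit match: one token bucket per
# hash key, where the key is built from the fields named in --hashlimit-mode.
FIELDS = {"srcip": "src", "srcport": "sport", "dstip": "dst", "dstport": "dport"}


class HashLimit:
    def __init__(self, mode, rate_per_s, burst=5):
        self.fields = [FIELDS[m] for m in mode.split(",")]
        self.rate = rate_per_s
        self.cap = burst * 1000      # credit is counted in 1/1000 of a packet
        self.buckets = {}            # key -> (credit, last_seen_ms)

    def allow(self, pkt, now_ms):
        key = tuple(pkt[f] for f in self.fields)
        credit, last = self.buckets.get(key, (self.cap, now_ms))
        # rate [pkt/s] * elapsed [ms] gives the refill in 1/1000 packets
        credit = min(self.cap, credit + (now_ms - last) * self.rate)
        ok = credit >= 1000
        self.buckets[key] = (credit - 1000 if ok else credit, now_ms)
        return ok


# Constructed sample traffic (documentation address ranges).
SERVER = {"dst": "192.0.2.10", "dport": 27015}
NOISY = dict(SERVER, src="198.51.100.9", sport=40000)
PLAYER = dict(SERVER, src="203.0.113.7", sport=27005)


def simulate(mode, rate_per_s=300):
    """Count accepted NEW packets per sender over one constructed second."""
    events = [(j // 2, "noisy", NOISY) for j in range(2000)]          # 2000 pps
    events += [(50 + 100 * k, "player", PLAYER) for k in range(10)]   # 10 pps
    events.sort(key=lambda e: e[0])   # stable sort: noisy sender first on ties
    limiter = HashLimit(mode, rate_per_s)
    accepted = {"noisy": 0, "player": 0}
    for now_ms, who, pkt in events:
        if limiter.allow(pkt, now_ms):
            accepted[who] += 1
    return accepted


if __name__ == "__main__":
    for mode in ("dstip,dstport", "srcip,srcport"):
        print(mode, simulate(mode))
```

On a live host, the buckets a rule is actually using can be inspected in /proc/net/ipt_hashlimit/udplimit (the name given with --hashlimit-name).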

