Seems interesting if i understand it will drop everypacket abowe the set --hashlimit.
//Daniel Gene Hardesty skrev: > I use something more complex: > > iptables -N UDPFILTER > iptables -A INPUT -p udp -j UDPFILTER > iptables -A UDPFILTER -j whitelist > iptables -A UDPFILTER -m state --state ESTABLISHED -j ACCEPT > iptables -A UDPFILTER -m state --state NEW -m hashlimit --hashlimit-mode > dstip,dstport --hashlimit-name udplimit --hashlimit 300/second -j ACCEPT > iptables -A UDPFILTER -j DROP > > in my whitelist is the Steam master server IPs and the entire Valve IP block > (via a netmask) > It doesn't affect users once they are connected and it also doesn't affect > HLSS (I had to experiment to find the right rate) > Also the limit is per source IP and port not system-wide plus since I have > other servers running on other ports > > I guess I can also add the length rules too and perhaps limit the chain to > specific port ranges > ( --dport 27000:27999, etc) > > G. > > On Sat, Feb 27, 2010 at 2:52 PM, xouk <[email protected]> wrote: > > >> for linux server use this >> iptables -A INPUT -p udp -m udp --dport 27015 -m length --length 39 -j DROP >> iptables -A INPUT -p udp -m udp --dport 27015 -m length --length 28 -j >> DROP >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> >> > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 4902 (20100228) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > __________ Information from ESET NOD32 Antivirus, version of virus signature database 4909 (20100302) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
