This is what I used to use when I ran a server.
btw: $IPTABLES = /sbin/iptables (or wherever your iptables is)

$IPTABLES -N UDPFILTER
$IPTABLES -A INPUT -p udp -j UDPFILTER
$IPTABLES -A UDPFILTER -j whitelist
$IPTABLES -A UDPFILTER -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A UDPFILTER -m state --state NEW -m hashlimit --hashlimit-mode dstip,dstport --hashlimit-name udplimit --hashlimit 300/second -j ACCEPT
$IPTABLES -A UDPFILTER -j DROP


"whitelist" is a table that contained "whitelisted" IPs and stuff (usually,
I have the Valve Master Servers in there as well as my own, etc.).

Anyways, the rules say that it limits the number of new connections (per ip
per port) to 300 a second...which from my testing never affected game play
nor voice chat.

Use and modify to your heart's content.

G.

On Thu, Jun 3, 2010 at 3:22 AM, Daniel Nilsson <[email protected]> wrote:

> This perhaps if no one has any better:
>
>
> iptables -N logattacker
> $IPT -A INPUT -p udp -m udp --dport 27015 -m length --length 0:32 -j logattacker
> $IPT -A logattacker -j LOG --log-prefix "SRCDS:ATTACK: " --log-ip-options -m limit --limit 2/sec
> $IPT -A logattacker -j DROP
>
>
>
> ///Daniel
>
>
>
>
>
> Philipp Reddigau wrote 2010-06-03 12:10:
> > Hi,
> > I was wondering about many new flood attacks to our CSS Servers today.
> > Each 3rd time banning someone the server will be flooded...
> >
> > Does someone have a list of iptables rules?
> >
> > best regards,
> > Philipp
> >
> >
> >
> > _______________________________________________
> > To unsubscribe, edit your list preferences, or view the list archives, please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
>
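
Added example (not part of the original thread, and not code from either poster): a small shell script that tallies which source addresses and destination ports trip the "SRCDS:ATTACK: " LOG rule quoted above. The log lines, hostname, MAC and addresses are constructed samples, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example: summarise packets logged by the "SRCDS:ATTACK: " rule.
# The LOG rule is limited to 2/sec, so counts are a sample (lower bound),
# and UDP source addresses can be forged: treat results as leads only.

# Constructed sample in the kernel's netfilter LOG layout; hostname, MAC and
# addresses (documentation ranges) are made up for this example.
sample_log() {
cat <<'EOF'
Jun  3 12:01:07 gs1 kernel: SRCDS:ATTACK: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=28 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=40211 DPT=27015 LEN=8
Jun  3 12:01:07 gs1 kernel: SRCDS:ATTACK: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=28 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=40212 DPT=27015 LEN=8
Jun  3 12:01:08 gs1 sshd[811]: Accepted publickey for admin from 192.0.2.50 port 50022 ssh2
Jun  3 12:01:08 gs1 kernel: SRCDS:ATTACK: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=32 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=53110 DPT=27015 LEN=12
Jun  3 12:01:09 gs1 kernel: SRCDS:ATTACK: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=28 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=40213 DPT=27015 LEN=8
EOF
}

# Read syslog lines on stdin; print "count source-ip dest-port", busiest first.
summarize_attackers() {
    awk -v prefix='SRCDS:ATTACK: ' '
        index($0, prefix) {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # Skip truncated lines that lack either field.
            if (src != "" && dpt != "") hits[src " " dpt]++
        }
        END { for (k in hits) print hits[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Read syslog lines on stdin; print sources with at least $1 logged packets.
frequent_sources() {
    summarize_attackers | awk -v min="$1" '$1 >= min { print $2 }'
}

# Demo on the constructed sample; for real use, redirect the file your
# syslog daemon writes kernel messages to into summarize_attackers.
sample_log | summarize_attackers
```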