So, maybe someone has more. Here is the actual list:

Specific length:

iptables -A INPUT -p udp -m udp --dport 27015:29000 -m length --length 0 -j DROP
iptables -A INPUT -p udp -m udp --dport 27015:29000 -m length --length 28 -j DROP
iptables -A INPUT -p udp -m udp --dport 27015:29000 -m length --length 39 -j DROP
iptables -A INPUT -p udp -m udp --dport 27015:29000 -m length --length 48 -j DROP
iptables -A INPUT -p udp -m udp --dport 27015:29000 -m length --length 105 -j DROP

Prevent Rcon Flood:

iptables -A INPUT -p tcp -m tcp --dport 27015:29000 -m hashlimit --hashlimit-upto 2/sec --hashlimit-burst 1 --hashlimit-mode srcip,dstip,dstport --hashlimit-name TF_PACKET_LIMIT -j ACCEPT

Generic UDP Flood:

# the whitelist chain has to exist before rules can be appended to it
iptables -N whitelist
iptables -A whitelist -s 72.165.61.128/26 -j ACCEPT
iptables -A whitelist -s 72.165.61.153/26 -j ACCEPT
iptables -A whitelist -s 216.207.205.99/26 -j ACCEPT
iptables -A whitelist -s 216.207.205.98/26 -j ACCEPT
iptables -N UDPFILTER
iptables -A INPUT -p udp -j UDPFILTER
iptables -A UDPFILTER -j whitelist
iptables -A UDPFILTER -m state --state ESTABLISHED -j ACCEPT
iptables -A UDPFILTER -m state --state NEW -m hashlimit --hashlimit-mode dstip,dstport --hashlimit-name udplimit --hashlimit 300/second -j ACCEPT
iptables -A UDPFILTER -j DROP

Reject dead master server (server starts faster):

iptables -A OUTPUT -d 68.142.88.34/32 -p tcp -m tcp --dport 27038 -j REJECT --reject-with icmp-port-unreachable

Something more?
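An added example, not part of the original post: a simplified token-bucket model of the hashlimit match in the rcon rule (2/sec, burst 1, keyed on srcip,dstip,dstport), run over constructed packets. It shows that packets over the limit simply do not match the ACCEPT rule, so they are only dropped if a later DROP rule or a DROP chain policy catches them. The class, the function names and the sample addresses are assumptions made for the illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "t_ms src dst dport")


class HashLimit:
    """Simplified model of -m hashlimit --hashlimit-upto N/sec --hashlimit-burst B."""

    def __init__(self, rate_per_sec, burst):
        self.cost_ms = 1000 // rate_per_sec  # credit one packet costs
        self.cap_ms = self.cost_ms * burst   # a full bucket
        self.buckets = {}                    # key -> (credit_ms, last_seen_ms)

    def matches(self, pkt):
        # --hashlimit-mode srcip,dstip,dstport: one bucket per such triple
        key = (pkt.src, pkt.dst, pkt.dport)
        credit, last = self.buckets.get(key, (self.cap_ms, pkt.t_ms))
        credit = min(self.cap_ms, credit + (pkt.t_ms - last))  # refill over time
        ok = credit >= self.cost_ms
        if ok:
            credit -= self.cost_ms
        self.buckets[key] = (credit, pkt.t_ms)
        return ok


def run(packets, fallthrough):
    """Verdict per packet; fallthrough is what happens to packets the
    ACCEPT rule does not match (a later rule or the chain policy)."""
    limiter = HashLimit(rate_per_sec=2, burst=1)
    return ["ACCEPT" if limiter.matches(p) else fallthrough for p in packets]


def sample_packets():
    # Constructed traffic: one client sends every 100 ms, another every 600 ms.
    noisy = [Packet(t, "198.51.100.7", "192.0.2.10", 27015) for t in range(0, 1000, 100)]
    quiet = [Packet(t, "198.51.100.8", "192.0.2.10", 27015) for t in (0, 600)]
    return sorted(noisy + quiet)


if __name__ == "__main__":
    for policy in ("ACCEPT", "DROP"):
        verdicts = run(sample_packets(), fallthrough=policy)
        print(f"over-limit packets fall through to {policy}: "
              f"{verdicts.count('ACCEPT')} accepted, {verdicts.count('DROP')} dropped")
```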

