> does this not work?
> iptables -I INPUT -p udp -m length --length 0 -j DROP
I was doing some reading about this last night. One of our servers filled up right after one of the updates (we use nemrun so we tend to get the updates really quickly) -- but after 15-20 minutes the server crashed. Knowing now (or at least word seems to be) that there was apparently a problem with mp_falldamage being enabled causing a server crash as a result of one of these updates, I'm less inclined to think it was someone exploiting this server. However, I did read over those posts linked a few posts back in this thread, and just in case, I added this firewall rule to my "udp coming in from the external interface" chain:

iptables -A INPUT -p udp --dport 27015:27034 -m length --length 0:28 -j DROP

ahead of the -j ACCEPT rule that accepts UDP traffic on those ports. The idea being that for any of the destination ports 27015-27034 (the range of ports any of our gameservers run on plus a few extras etc.), any UDP packets 28 bytes or smaller will be dropped.

I did also see someone mention using --length 0:32, meaning any packet 32 bytes or smaller, but I'm not 100% sure that is OK.

Anyway, the syntax above shows how you can have one rule that covers all of the ports for your servers (adjust 27015 and 27034 as needed for your setup) and a RANGE of sizes; iptables seemed happy enough with the syntax here.

PharaohsPaw

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
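The rule above is easier to reason about once you know what `-m length` actually measures: the kernel's xt_length module compares the IPv4 total length field, which includes the 20-byte IP header (without options) and the 8-byte UDP header. So `--length 0:28` drops only UDP datagrams with an empty payload, while `--length 0:32` would also drop anything with up to 4 bytes of payload. The following is an added worked example, not code from the post or from the hlds_linux list, that builds minimal IPv4/UDP datagrams and evaluates the posted rule against them offline; the addresses are constructed (RFC 5737 documentation ranges) and the A2S_INFO query bytes are the standard Source engine "TSource Engine Query" request. It models IPv4 only; an ip6tables equivalent would need the 40-byte IPv6 header in the arithmetic.

```python
"""Model of `iptables ... -p udp --dport LO:HI -m length --length 0:N -j DROP`.

Added example, not from the original post. Assumption: the length match compares
the IPv4 total length (IP header + UDP header + payload), as xt_length does.
Checksums are left as zero because only the length and port fields matter here.
"""
import struct

IPV4_HDR_LEN = 20   # IPv4 header with no options
UDP_HDR_LEN = 8
PROTO_UDP = 17

# Standard Source engine A2S_INFO request: 4 x 0xFF, 'T', "Source Engine Query", NUL
A2S_INFO = b"\xff\xff\xff\xffTSource Engine Query\x00"


def build_ipv4_udp(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Build a minimal IPv4+UDP datagram carrying `payload` (constructed addresses)."""
    udp_len = UDP_HDR_LEN + len(payload)
    total_len = IPV4_HDR_LEN + udp_len
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len,            # version/IHL, TOS, total length
        0, 0,                          # identification, flags/fragment offset
        64, PROTO_UDP, 0,              # TTL, protocol, header checksum (unset)
        bytes([198, 51, 100, 1]),      # src 198.51.100.1 (documentation range)
        bytes([203, 0, 113, 5]),       # dst 203.0.113.5 (documentation range)
    )
    udp_hdr = struct.pack("!HHHH", src_port, dst_port, udp_len, 0)
    return ip_hdr + udp_hdr + payload


def ip_total_length(packet: bytes) -> int:
    """The value `-m length` is compared against: the IPv4 total length field."""
    return struct.unpack("!H", packet[2:4])[0]


def udp_dst_port(packet: bytes) -> int:
    ihl = (packet[0] & 0x0F) * 4
    return struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]


def rule_drops(packet: bytes, dport_lo: int = 27015, dport_hi: int = 27034,
               len_lo: int = 0, len_hi: int = 28) -> bool:
    """True if `-p udp --dport lo:hi -m length --length len_lo:len_hi -j DROP` matches."""
    if packet[9] != PROTO_UDP:
        return False
    if not dport_lo <= udp_dst_port(packet) <= dport_hi:
        return False
    return len_lo <= ip_total_length(packet) <= len_hi


def max_payload_dropped(len_hi: int) -> int:
    """Largest UDP payload (bytes) a `--length 0:len_hi` rule drops; -1 if none."""
    return max(len_hi - IPV4_HDR_LEN - UDP_HDR_LEN, -1)


def iptables_rule(dport_lo: int, dport_hi: int, max_payload: int) -> str:
    """Emit the rule that drops UDP to the port range with payload <= max_payload."""
    hi = IPV4_HDR_LEN + UDP_HDR_LEN + max_payload
    return (f"iptables -A INPUT -p udp --dport {dport_lo}:{dport_hi} "
            f"-m length --length 0:{hi} -j DROP")


if __name__ == "__main__":
    for label, payload, hi in [("empty payload", b"", 28),
                               ("1-byte payload", b"x", 28),
                               ("4-byte payload, 0:32", b"xxxx", 32),
                               ("A2S_INFO query", A2S_INFO, 28)]:
        pkt = build_ipv4_udp(40000, 27015, payload)
        print(f"{label:24} total_len={ip_total_length(pkt):3} "
              f"dropped={rule_drops(pkt, len_hi=hi)}")
    print(iptables_rule(27015, 27034, 0))
```

Running it shows that the posted rule drops only the 28-byte (payload-less) datagram, that a normal A2S_INFO query at 53 bytes passes untouched, and that `0:32` extends the drop to 4-byte payloads, which is the practical difference between the two thresholds mentioned in the thread.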

