You could do something like this, given that your INPUT chain has default ACCEPT.
iptables -A INPUT -i eth0 -p udp --dport 27015 -m length --length 564:1248 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 27015 -j DROP

--
Best regards
Oskar Levin

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Weasel
Sent: 3 September 2013 14:55
To: [email protected]
Subject: Re: [hlds_linux] NET_GetLong attacks

If the "Valid Size" is always in the range 564-1248, is there a way to have iptables block anything that is EITHER above or below that size limit? Or will that interfere with the game? (i.e. are there other LEGIT game-related packets outside the range to be expected?)

______________________________________________________
Re: [hlds_linux] NET_GetLong attacks
Calvin Judy Mon, 02 Sep 2013 03:09:16 -0700

Rate limiting the a2s queries will still make the server appear offline. If you read the log that you posted, it gives you the size and the acceptable size; you should be able to tailor a rule to fit your needs.

Log:
NET_GetLong: Split packet from 157.208.132.148:54712 with invalid split size (number 99/ count 114) where size 8293 is out of valid range [564 - 1248 ]
NET_GetLong: Split packet from 61.52.31.78:45086 with invalid split size (number 99/ count 114) where size 8293 is out of valid range [564 - 1248 ]

Size: 8293
Valid Size: 564-1248

Rule:
iptables -A INPUT -i eth0 -p udp --dport 27015 -m length --length 8293 -j DROP

Make sure you also update the destination port if it's different. (I just tried this rule on my machine and it's working.)

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
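An added example, not from anyone in the thread, that parses the NET_GetLong lines Calvin quotes, tallies out-of-range split packets per source address, and builds the accept-in-range / drop-the-rest rule pair Oskar proposes. Note that -m length tests the total IP packet length, whereas the logged size is the split-size field carried inside the packet, so the two numbers are not the same quantity. The third log line (a below-range split from the first source) is constructed for the example.

```python
import re
from collections import Counter

# Constructed sample input: the first two lines are the NET_GetLong lines
# quoted in the thread; the third is made up (below-range split from the
# same source) so the lower bound and per-source tally are both exercised.
SAMPLE_LOG = """\
NET_GetLong: Split packet from 157.208.132.148:54712 with invalid split size (number 99/ count 114) where size 8293 is out of valid range [564 - 1248 ]
NET_GetLong: Split packet from 61.52.31.78:45086 with invalid split size (number 99/ count 114) where size 8293 is out of valid range [564 - 1248 ]
NET_GetLong: Split packet from 157.208.132.148:54712 with invalid split size (number 3/ count 4) where size 12 is out of valid range [564 - 1248 ]
"""

# Matches the engine's log format, including the space before the closing ']'.
LINE_RE = re.compile(
    r"NET_GetLong: Split packet from (?P<ip>[\d.]+):(?P<port>\d+)"
    r".*?where size (?P<size>\d+) is out of valid range "
    r"\[(?P<lo>\d+) - (?P<hi>\d+) \]"
)


def parse_line(line):
    """Return {ip, port, size, lo, hi} for a NET_GetLong line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {k: (v if k == "ip" else int(v)) for k, v in m.groupdict().items()}


def in_valid_range(size, lo, hi):
    """The engine's own check: a split size is valid only when lo <= size <= hi."""
    return lo <= size <= hi


def offenders(log_text):
    """Count logged out-of-range split packets per source IP."""
    tally = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and not in_valid_range(rec["size"], rec["lo"], rec["hi"]):
            tally[rec["ip"]] += 1
    return tally


def length_rules(iface, port, lo, hi):
    """Oskar's two-rule filter. -m length matches total IP packet length,
    not the split-size field the engine logs."""
    base = f"iptables -A INPUT -i {iface} -p udp --dport {port}"
    return [f"{base} -m length --length {lo}:{hi} -j ACCEPT", f"{base} -j DROP"]
```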

