How about something like this then?

  # Allow packets in the 564-1248 size range (on that port) ...
  iptables -A INPUT -p udp --dport 27015 -m length --length 564:1248 -j ACCEPT
  # Allow packets of exactly 53 size (on that port) ...
  iptables -A INPUT -p udp --dport 27015 -m length --length 53 -j ACCEPT
  # Drop other-size packages (on that port obviously) ...
  iptables -A INPUT -p udp --dport 27015 -j DROP

My default input is set to "DROP" anyway, so maybe that's redundant in my case, but thought it should be listed for others' reference.

PS: Do these lengths apply to *both* HLDS and SRCDS servers? With the same size ranges?

______________________________________________________________

Re: [hlds_linux] NET_GetLong attacks
Calvin Judy
Tue, 03 Sep 2013 00:11:30 -0700

This would drop packets with a length of 53, which are generally standard source engine queries, so your server would never appear online.

----- Original Message -----
From: "Oskar Levin" <[email protected]>
To: "'Half-Life dedicated Linux server mailing list'" <[email protected]>
Sent: Tuesday, September 03, 2013 3:05 AM
Subject: Re: [hlds_linux] NET_GetLong attacks

You could do something like this, given that your INPUT chain has default ACCEPT.

  iptables -A INPUT -i eth0 -p udp --dport 27015 -m length --length 564:1248 -j ACCEPT
  iptables -A INPUT -i eth0 -p udp --dport 27015 -j DROP

--
Best regards
Oskar Levin

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
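As an added illustration that is not part of the thread, the constructed shell snippet below simulates iptables first-match evaluation over the rule sets posted above, so the effect of each chain on a 53-byte query packet can be checked without touching a live firewall. The rule encoding and the verdict function are my own construction, not an iptables feature.

```sh
#!/bin/sh
# Constructed simulation of iptables first-match semantics (not real iptables).
# A chain is a space-separated list of "lo:hi=VERDICT" length rules, in order,
# ending with "policy=VERDICT" for the chain's default policy.

# Oskar's chain: only 564-1248 accepted, everything else on the port dropped.
CHAIN_RANGE_ONLY="564:1248=ACCEPT 0:65535=DROP policy=ACCEPT"

# Follow-up chain: also accept exactly-53-byte packets (written 53:53 here).
CHAIN_WITH_QUERY="564:1248=ACCEPT 53:53=ACCEPT 0:65535=DROP policy=DROP"

# Same as above without the explicit DROP rule; the policy handles the rest.
CHAIN_POLICY_DROP="564:1248=ACCEPT 53:53=ACCEPT policy=DROP"

# verdict LENGTH "CHAIN" -> prints the verdict of the first matching rule,
# or the chain policy when no rule matches.
verdict() {
    len=$1
    for rule in $2; do
        case $rule in
            policy=*) echo "${rule#policy=}"; return 0 ;;
        esac
        range=${rule%%=*}
        action=${rule#*=}
        lo=${range%%:*}
        hi=${range#*:}
        if [ "$len" -ge "$lo" ] && [ "$len" -le "$hi" ]; then
            echo "$action"
            return 0
        fi
    done
    echo "DROP"   # unreachable when a policy entry is present
}

# Compare the chains on a 53-byte query, an in-range packet and an oversize one.
for len in 53 700 1249; do
    printf '%5s bytes: range-only=%s with-query=%s policy-drop=%s\n' "$len" \
        "$(verdict "$len" "$CHAIN_RANGE_ONLY")" \
        "$(verdict "$len" "$CHAIN_WITH_QUERY")" \
        "$(verdict "$len" "$CHAIN_POLICY_DROP")"
done
```

The range-only chain drops the 53-byte query, which is the problem raised in the reply; both amended chains accept it while still dropping out-of-range sizes.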

