Block ddos steam Fail2Ban - Page 2

Knight Vision Systems · **Author**

Group,

I'm trying to understand 1) how to implement this, 2) how this works.

In the IP Tables rules, the following is presented,

Code:

iptables -A INPUT -i eth0 -p udp --dport your_port -m length --length 28 -j REJECT_FLOOD28

Does the "your_port" part mean, the ports which my game servers are on? For example, 27015, 27016, etc?

Also, what part does the fail2ban program play in the equation?

Much thanks in advance!
Knight
Knight Vision Systems
http://www.knightvisionsystems.com

Ubunter · 11-17-2013 , 13:35 Re: Block ddos steam Fail2Ban

Quote:

Originally Posted by Knight Vision Systems

Group,

Code:

iptables -A INPUT -i eth0 -p udp --dport your_port -m length --length 28 -j REJECT_FLOOD28

Does the "your_port" part mean, the ports which my game servers are on? For example, 27015, 27016, etc?

Hi, sorry for late intervention, i just was googling, and arrived here...

Yes, here is to monitorize the port, but I have removed the port, to monitorize all, even, in my server I have just 5060, and 443 open... But I did:

Quote:

iptables -A INPUT -i eth0 -p udp -m length --length 28 -j

But I have a question:

In the jail conf, I'm missing the action, dose the action should be to deliver back to the iptables?? I have did:

Quote:

[ddos]
enabled = true
#port = 27015,27025,27050,28000,29000 ## I comminted out the port, to monitor all ports!
protocol = udp
filter = ddos
logpath = /var/log/messages
maxretry = 2
bantime = 60000
action = iptables[name=ddos-404-SLT] ## Dose this action here is correct??

Thank you in advance!

shady2k2 · 11-04-2009 , 01:36 Re: Block ddos steam Fail2Ban

it works on debian??

Darkthrone · 07-14-2010 , 22:43 Re: Block ddos steam Fail2Ban

for ubuntu 10.04

this line

Code:

logpath = /var/log/messages.log

should be

Code:

logpath = /var/log/messages

Mavrick4283 · 07-15-2010 , 21:19 Re: Block ddos steam Fail2Ban

Thank you for the tut

sphinx · 08-03-2010 , 13:06 Re: Block ddos steam Fail2Ban

the ddos.conf content as shown in this thread prevents fail2ban to start.
is anybody having a working ddos.conf?

Darkthrone · 08-04-2010 , 14:12 Re: Block ddos steam Fail2Ban

my ddos.conf is same as in the first post, and it works just fine
you should change IN=eth0 to your own external interface, or interface where is server you running

sphinx · 08-05-2010 , 02:30 Re: Block ddos steam Fail2Ban

Code:

[Definition]

failregex = IPTABLES-FLOOD LENGTH (28|48): IN=eth0:0 OUT= MAC=[a-zA-F0-9:]+ SRC=<HOST> DST=([0-9]{1,3}\.?){4} LEN=28

fail2ban still fail to start with this ddos.conf

Darkthrone · 08-05-2010 , 18:03 Re: Block ddos steam Fail2Ban

check your fail2ban.log

sphinx · 08-06-2010 , 01:25 Re: Block ddos steam Fail2Ban

nothing in /var/log/fail2ban.log