DJEarthQuake
10-07-2020, 10:44   Re: A new flood attack, need help.   #3

Quote:
Originally Posted by DJEarthQuake
Fail2ban helps. Malformed packets can be tagged for later control.

server.cfg
Default hlds settings.
//max_queries_sec : 3
//max_queries_sec_global : 30
//max_queries_window : 60


More sensitive
max_queries_sec 2
max_queries_sec_global 15
max_queries_window 30

Easy test.
Refresh the server a bunch of times and one will see "...was blocked for exceeding rate limits".


/etc/fail2ban/filter.d/gearbox.conf
Code:
# Fail2Ban filter for ddos for GoldSrc
#
#

[Definition]

failregex = : Traffic from <HOST>:(\d{1,5}) was blocked for exceeding rate limits

ignoreregex =

[Init]

datepattern = %%m/%%d/%%Y - %%H:%%M:%%S

# Author: SPiNX March 2020

jail.local
Code:
[hlds-ddos]
enabled = true
maxretry = 50
findtime  = 100
bantime = 900
logpath = /var/log/messages
tcpport = 27005,27015,27016,27017,27018,27019,27020,27030
udpport = 27005,27015,27016,27017,27018,27019,27020,27030
action  = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]

[gearbox]
enabled = true
maxretry = 2
bantime = 1800
findtime  = 10
logpath = /home/TUT/Steam/steamapps/common/Half-Life/cstrike/qconsole.log
		  /home/TUT/Steam/steamapps/common/Half-Life/dod/qconsole.log
		  /home/TUT/Steam/steamapps/common/Half-Life/gearbox/qconsole.log

banaction = %(banaction_allports)s

Be sure to pay attention to or rotate qconsole.log; it gets big fast.
https://developer.valvesoftware.com/...d_Line_Options
-condebug - Stores console output to "Half-Life\qconsole.log".

fail2ban-client status
Code:
Status
|- Number of jail:	6
`- Jail list:	gearbox, hlds-ddos, nginx-botsearch, nginx-http-auth, nginx-limit-req, sshd
Nobody even bothers anymore. Earlier this year it was very active banning bad guys.

fail2ban-client status hlds-ddos
Code:
Status for the jail: hlds-ddos
|- Filter
|  |- Currently failed:	3
|  |- Total failed:	18841
|  `- File list:	/var/log/messages
`- Actions
   |- Currently banned:	0
   |- Total banned:	0
   `- Banned IP list:

Last edited by DJEarthQuake; 10-09-2020 at 17:32. Reason: Found what I was looking for.
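An offline check of the gearbox filter and jail values from the post above, as an added example that is not part of the original post or of fail2ban itself: it applies the posted failregex and datepattern to log lines and replays the maxretry/findtime window to show which addresses would be banned. The log line layout, the sample addresses, the function names and the reduction of `<HOST>` to IPv4 are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# failregex from gearbox.conf; <HOST> is expanded to an IPv4 group here
# (a simplification: fail2ban's own <HOST> also accepts IPv6 and hostnames).
FAILREGEX = r": Traffic from <HOST>:(\d{1,5}) was blocked for exceeding rate limits"
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAIL_RE = re.compile(FAILREGEX.replace("<HOST>", HOST_RE))

# datepattern from gearbox.conf with the config-file %% escaping undone.
DATE_FMT = "%m/%d/%Y - %H:%M:%S"
DATE_RE = re.compile(r"\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}")

def parse_failure(line):
    """Return (timestamp, ip) for a rate-limit line, else None."""
    date, hit = DATE_RE.search(line), FAIL_RE.search(line)
    if not (date and hit):
        return None
    return datetime.strptime(date.group(0), DATE_FMT), hit.group("host")

def simulate_jail(lines, maxretry, findtime):
    """Return {ip: time of ban} using a sliding findtime window per IP."""
    recent, banned = defaultdict(deque), {}
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None or parsed[1] in banned:
            continue
        ts, ip = parsed
        window = recent[ip]
        window.append(ts)
        # Drop failures older than findtime seconds.
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned

# Constructed sample lines (documentation addresses, assumed log layout).
SAMPLE_LOG = [
    "L 10/07/2020 - 10:44:01: Traffic from 203.0.113.7:27005 was blocked for exceeding rate limits",
    "L 10/07/2020 - 10:44:03: Traffic from 198.51.100.9:40112 was blocked for exceeding rate limits",
    "L 10/07/2020 - 10:44:06: Traffic from 203.0.113.7:27005 was blocked for exceeding rate limits",
    "L 10/07/2020 - 10:44:30: Traffic from 198.51.100.9:40113 was blocked for exceeding rate limits",
    "L 10/07/2020 - 10:44:31: Player connected from 192.0.2.5:27005",
]

if __name__ == "__main__":
    for ip, when in simulate_jail(SAMPLE_LOG, maxretry=2, findtime=10).items():
        print(f"{ip} banned at {when}")
```

On a live host, fail2ban's own `fail2ban-regex` tool run against the real qconsole.log and gearbox.conf is the authoritative check of the filter.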