[Shadypastbrightfuture]

Hello Everyone,

Since past few days, my server is getting DDos attacks. The bandwidth of attacks is more than what my ISP can handle. I am creating some Firewall rules. if anyone can help me with it, i will really appreciate.

If you know some Firewall/Iptables rules, please let me know. If you know some Anti DDos tool which will work, please let me know.

I have a few questions if you can answer it.
1. What are the ports CS1.6 use except 27015(Game port) and 3306(MySQL) ?
2. What should be the recommended rate-limit for udp and tcp protocol ?
3. Does CS 1.6 use ICMP protocol? If yes, what is recommended rate limit? if
4. what could be the rate limit for tcp-syn ?


Below are some of the Iptables rules i have already tried but did not work.

iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 6000:6100 -j ACCEPT

iptables -A INPUT -p udp --dport 27015 -j ACCEPT
iptables -A INPUT -m string --string "HLBrute" --algo kmp -j DROP
iptables -A INPUT -m string --string "HLXBrute" --algo kmp -j DROP
iptables -A INPUT -p udp --dport 27015 -m u32 --u32 "0x19&0xff=0xfe" -j DROP

OS : Debian 10