For anyone still stressing over this issue, I have found a solution. Here is a Ruby script I use to block A2S attacks.
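#!/usr/bin/env ruby
# frozen_string_literal: true

# Installs iptables rules that rate-limit Source-engine A2S query traffic
# (UDP payloads containing |ffffffff|; |ffffffff54| is the A2S_INFO request)
# per game-server destination IP and port: traffic up to the allowed rate is
# accepted, the overflow is logged (rate-limited) and then dropped.
#
# Every rule is executed via Kernel#system with an argv array, never through
# a shell, and the script aborts on the first iptables failure so a partially
# applied ruleset is not left behind silently (the original backtick calls
# ignored both exit status and output).
require 'shellwords'

# Path to iptables (split into argv; Shellwords handles quoted paths).
iptables = 'sudo /sbin/iptables'
iptables_cmd = Shellwords.split(iptables)

# Servers we want to enter into the firewall: one entry per game server with
# its destination IP and the UDP ports it listens on.
servers = [
  { ip: '127.0.0.1',
    ports: [27013, 27014, 27015, 27016, 27017, 27018, 27019, 27025] },
  { ip: '127.0.0.1',
    ports: [27013, 27014, 27015, 27016, 27017, 27018, 27019, 27025] }
]

# Run one iptables invocation without a shell.
#
# @param iptables [Array<String>] program plus leading arguments, e.g. %w[sudo /sbin/iptables]
# @param args [Array<#to_s>] the rule arguments
# @return [void]
# Aborts the script (non-zero exit) when iptables cannot be spawned or exits non-zero.
def run_iptables(iptables, *args)
  argv = iptables + args.map(&:to_s)
  return if system(*argv)

  abort "iptables failed (exit #{$?.exitstatus.inspect}): #{argv.join(' ')}"
end

# Rules for one (destination ip, udp port) pair, in the order they must be
# appended to INPUT:
#   1-2. accept A2S_INFO (|ffffffff54|) and any other connectionless Source
#        packet (|ffffffff|) at up to 15/s with a burst of 10, each with its
#        own limit bucket
#   3-4. log the overflow at most once per second
#   5-6. drop everything that matched but exceeded the limits
# An A2S_INFO packet also contains |ffffffff|, so A2S_INFO traffic that
# exceeds bucket 1 can still be accepted by bucket 2 — this ordering is kept
# from the original ruleset.
#
# @param ip [String] destination address the game server listens on
# @param port [Integer] UDP port the game server listens on
# @return [Array<Array<String>>] one argv fragment per rule
def a2s_rules(ip, port)
  match = ['-A', 'INPUT', '-d', ip, '-p', 'udp', '-m', 'udp', '--dport', port.to_s,
           '-m', 'string', '--algo', 'bm']
  accept = ['-m', 'limit', '--limit', '15/s', '--limit-burst', '10', '-j', 'ACCEPT']
  # ULOG was the logging target available when this was written; on kernels
  # that no longer ship ULOG, NFLOG (--nflog-group/--nflog-prefix) is the
  # replacement — check `iptables -j ULOG -h` on the target host.
  log = ['-m', 'limit', '--limit', '1/s', '--limit-burst', '1',
         '-j', 'ULOG', '--ulog-nlgroup', '1', '--ulog-prefix', "SOURCE UDP FLOOD #{port}"]
  [
    match + ['--hex-string', '|ffffffff54|'] + accept,
    match + ['--hex-string', '|ffffffff|'] + accept,
    match + ['--hex-string', '|ffffffff|'] + log,
    match + ['--hex-string', '|ffffffff54|'] + log,
    match + ['--hex-string', '|ffffffff54|', '-j', 'DROP'],
    match + ['--hex-string', '|ffffffff|', '-j', 'DROP']
  ]
end

# Clear old stuff: flushes every chain of the filter table, including rules
# installed by anything else on the host. Chain policies are NOT reset by -F,
# so traffic matching none of the rules below is handled by whatever default
# policy INPUT already has.
run_iptables(iptables_cmd, '-F')

### default rule for established connections
run_iptables(iptables_cmd, '-A', 'OUTPUT', '-m', 'state', '--state', 'established,related', '-j', 'ACCEPT')
run_iptables(iptables_cmd, '-A', 'INPUT', '-m', 'state', '--state', 'established,related', '-j', 'ACCEPT')

### put ips you want to allow bypassing all these rules here
# run_iptables(iptables_cmd, '-A', 'INPUT', '-s', 'myip', '-j', 'ACCEPT')
# run_iptables(iptables_cmd, '-A', 'INPUT', '-s', 'my_ip', '-j', 'ACCEPT')

### local connections
run_iptables(iptables_cmd, '-A', 'INPUT', '-s', '127.0.0.1', '-j', 'ACCEPT')

# Per-server A2S rules. The configured :ip is applied as the destination
# match (-d); the original script read it but never used it, so its rules
# applied to every local address.
servers.each do |server|
  ip = server[:ip]
  server[:ports].each do |port|
    a2s_rules(ip, port).each { |rule| run_iptables(iptables_cmd, *rule) }
  end
end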