
[Linux] Source Query Proxy: DDoS Protection - Kernel redirection!


  
 
 
jeremyvillanueva
02-27-2021, 13:30   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!

I want to share this iptables

It works for my 93 tickrate server, btw it also blocks rcon listening

sudo iptables --flush
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
sudo iptables -t raw -F
sudo iptables -t raw -X
sudo iptables -t security -F
sudo iptables -t security -X
sudo iptables -F
sudo iptables -X
sudo iptables --new-chain RATE-LIMIT
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -A INPUT -p udp --destination-port 27015 --jump RATE-LIMIT
sudo iptables --append RATE-LIMIT --match hashlimit --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-upto 93/sec --hashlimit-burst 20 --hashlimit-name conn_rate_limit --hashlimit-htable-expire 30000 --hashlimit-htable-max 65535 --jump ACCEPT
sudo iptables --append RATE-LIMIT --match limit --limit 1/sec --limit-burst 1 --jump LOG --log-prefix "IPTables-Dropped: "
sudo iptables --append RATE-LIMIT --jump DROP
sudo iptables -A INPUT -p tcp --destination-port 27015 -j DROP
jeremyvillanueva is offline
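
Added example, not part of the original post: a shell function that summarises the kernel log lines written by the post's LOG rule (prefix "IPTables-Dropped: ") per source address, so you can see which clients are hitting the 93/sec hashlimit on UDP 27015. The function names and the sample log lines are constructed for illustration; the line layout assumed is the standard netfilter LOG format.

```shell
#!/bin/sh
# Added example: summarise the kernel LOG lines produced by the
# RATE-LIMIT chain (prefix "IPTables-Dropped: ") per source address.
# Reads log text on stdin, prints "<count> <source-ip>", highest first.
# The LOG rule is limited to 1/sec, so counts are a sample of the
# dropped packets, not a total.
summarize_drops() {
    awk -v prefix='IPTables-Dropped: ' '
        index($0, prefix) {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # Keep only game-port drops in case the prefix is reused.
            if (src != "" && dpt == "27015") hits[src]++
        }
        END { for (s in hits) print hits[s], s }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
Feb 27 13:30:01 gs1 kernel: [ 101.000001] IPTables-Dropped: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=53 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=40001 DPT=27015 LEN=33
Feb 27 13:30:02 gs1 sshd[812]: Accepted publickey for admin from 192.0.2.50 port 50022 ssh2
Feb 27 13:30:02 gs1 kernel: [ 102.000001] IPTables-Dropped: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=53 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=40001 DPT=27015 LEN=33
Feb 27 13:30:03 gs1 kernel: [ 103.000001] IPTables-Dropped: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=53 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=51234 DPT=27015 LEN=33
Feb 27 13:30:04 gs1 kernel: [ 104.000001] IPTables-Dropped: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=53 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=40001 DPT=27015 LEN=33
EOF
}

sample_log | summarize_drops
```

On a live host, pipe the kernel log into the function instead of the sample, for example `journalctl -k | summarize_drops`.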
 


