Please be advised: if you are not locally connected, --flush will sever your SSH connection, and the only way in is a serial console, if installed. It also will disable everything network-related like the web server, DNS, and mail. Make a bash script, or better, just lay out the rules without flush.
Quote:
Originally Posted by jeremyvillanueva
I want to share this iptables ruleset.
It works for my 93 tickrate server; btw, it also blocks RCON listening.
sudo iptables --flush
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
sudo iptables -t raw -F
sudo iptables -t raw -X
sudo iptables -t security -F
sudo iptables -t security -X
sudo iptables -F
sudo iptables -X
sudo iptables --new-chain RATE-LIMIT
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -A INPUT -p udp --destination-port 27015 --jump RATE-LIMIT
sudo iptables --append RATE-LIMIT --match hashlimit --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-upto 93/sec --hashlimit-burst 20 --hashlimit-name conn_rate_limit --hashlimit-htable-expire 30000 --hashlimit-htable-max 65535 --jump ACCEPT
sudo iptables --append RATE-LIMIT --match limit --limit 1/sec --limit-burst 1 --jump LOG --log-prefix "IPTables-Dropped: "
sudo iptables --append RATE-LIMIT --jump DROP
sudo iptables -A INPUT -p tcp --destination-port 27015 -j DROP
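As an added example (not the quoted poster's script and not part of the original thread), here is the same 27015 rate-limit ruleset laid out as a script that never runs --flush and never touches the default policies, so applying it over SSH does not drop the session. It assumes SSH on TCP/22 and a 93 tickrate (both overridable through environment variables), and that the conntrack and hashlimit match modules are available. By default it only prints the iptables commands it would run; set APPLY=1 to execute them as root.

```shell
#!/bin/sh
# Added example, not jeremyvillanueva's ruleset: apply the 27015 UDP rate limit
# without flushing any table or changing default policies.
# Assumed values (not from the original post): SSH_PORT=22, TICKRATE=93.
# APPLY=1 executes the rules; anything else prints them (dry run).

GAME_PORT="${GAME_PORT:-27015}"
SSH_PORT="${SSH_PORT:-22}"
TICKRATE="${TICKRATE:-93}"
APPLY="${APPLY:-0}"

# ipt: run iptables, or print the command in dry-run mode.
ipt() {
    if [ "$APPLY" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# ensure_rule: append a rule only if an identical one is not already present
# (-C checks for it), so re-running the script does not pile up duplicates.
ensure_rule() {
    if [ "$APPLY" = "1" ]; then
        iptables -C "$@" 2>/dev/null || iptables -A "$@"
    else
        echo "iptables -A $*"
    fi
}

build_rules() {
    # 1. Keep existing sessions and SSH reachable before anything else happens.
    #    No --flush, no -P DROP, so an SSH session survives a mistake below.
    ensure_rule INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ensure_rule INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT

    # 2. Create the RATE-LIMIT chain if it is missing, then reset only that
    #    chain (a chain-scoped -F, not a global flush).
    if [ "$APPLY" = "1" ]; then
        iptables -N RATE-LIMIT 2>/dev/null || true
        iptables -F RATE-LIMIT
    else
        echo "iptables -N RATE-LIMIT"
        echo "iptables -F RATE-LIMIT"
    fi

    # 3. Same per-source hashlimit as the quoted post: up to TICKRATE packets/s
    #    per /32 source with a burst of 20; excess is logged (at most 1/s) and dropped.
    ensure_rule INPUT -p udp --dport "$GAME_PORT" -j RATE-LIMIT
    ipt -A RATE-LIMIT -m hashlimit --hashlimit-mode srcip --hashlimit-srcmask 32 \
        --hashlimit-upto "${TICKRATE}/sec" --hashlimit-burst 20 \
        --hashlimit-name conn_rate_limit --hashlimit-htable-expire 30000 \
        --hashlimit-htable-max 65535 -j ACCEPT
    ipt -A RATE-LIMIT -m limit --limit 1/sec --limit-burst 1 \
        -j LOG --log-prefix "IPTables-Dropped: "
    ipt -A RATE-LIMIT -j DROP

    # 4. Block RCON (TCP on the game port), as the original ruleset does.
    ensure_rule INPUT -p tcp --dport "$GAME_PORT" -j DROP
}

build_rules
```

Run it once without APPLY to read the rule list it will produce; if the output contains what you expect (the SSH accept first, then the chain and the game-port rules), run `APPLY=1 sh script.sh` as root. Because every INPUT rule goes through the -C check, the script is safe to re-run after a reboot or a config change.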