
things to protect your game server


BrutalGoerge
AlliedModders Donor
Join Date: Jul 2007
09-12-2009, 20:03   Re: things to protect your game server

If you have Linux and shell access, nothing beats these iptables rules for RCON exploit protection.
That way you block all TCP requests to the server and have a whitelist of IPs that you allow to access RCON.

cmer is the one who originally posted it here.

eth0, assuming that's where your internet lives

Code:
iptables -A INPUT -i eth0 -p tcp --dport 27015 -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 27015 -s My_ip -j ACCEPT

iptables-save > /etc/sysconfig/iptables
Last edited by BrutalGoerge; 09-12-2009 at 22:04.
Sir Jake
Senior Member
Join Date: Jan 2009
09-30-2009, 14:47   Re: things to protect your game server

Quote:
Originally Posted by BrutalGoerge

cmer is the one who originally posted it here.

eth0, assuming that's where your internet lives

Code:
iptables -A INPUT -i eth0 -p tcp --dport 27015 -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 27015 -s My_ip -j ACCEPT

iptables-save > /etc/sysconfig/iptables

Shouldn't Accept be before drop?
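The ordering question above matters because iptables walks a chain top to bottom and stops at the first rule with a terminating target such as ACCEPT or DROP. As an added example (not posted by anyone in this thread), the script below audits `iptables -S INPUT` output for whitelist rules shadowed by the blanket DROP and prints the rules in an order that works; the sample rulesets and the address 203.0.113.10 are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. iptables evaluates a chain top to bottom
# and stops at the first rule whose target is ACCEPT or DROP, so a whitelist
# ACCEPT appended after the blanket DROP is never reached.
PORT=27015   # RCON port used in the thread

# Reads `iptables -S INPUT` output on stdin. Returns 0 when every ACCEPT for
# tcp/$PORT precedes the blanket DROP, 1 when an ACCEPT is shadowed by it.
check_rcon_order() {
    awk -v port="$PORT" '
        $0 !~ /-p tcp/ || $0 !~ ("--dport " port "( |$)") { next }
        / -j DROP/ && $0 !~ / -s / { drop_seen = 1; next }   # blanket DROP
        / -j ACCEPT/ && drop_seen  { shadowed++; print "shadowed: " $0 }
        END { exit (shadowed > 0) }
    '
}

# Prints (does not apply) the rules in working order: whitelist, then DROP.
emit_rcon_rules() {
    for ip in "$@"; do
        echo "iptables -A INPUT -i eth0 -p tcp --dport $PORT -s $ip -j ACCEPT"
    done
    echo "iptables -A INPUT -i eth0 -p tcp --dport $PORT -j DROP"
}

# Constructed sample: the ruleset produced by the commands as first posted.
SAMPLE_AS_POSTED='-P INPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 27015 -j DROP
-A INPUT -s 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 27015 -j ACCEPT'

# Constructed sample: the same two rules with ACCEPT first.
SAMPLE_REORDERED='-P INPUT ACCEPT
-A INPUT -s 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 27015 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 27015 -j DROP'

printf '%s\n' "$SAMPLE_AS_POSTED" | check_rcon_order || echo "whitelist unreachable"
printf '%s\n' "$SAMPLE_REORDERED" | check_rcon_order && echo "order ok"
emit_rcon_rules 203.0.113.10
```

On a live host, pipe the real ruleset in as root with `iptables -S INPUT | check_rcon_order`.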
Timiditas
Senior Member
Join Date: Apr 2009
10-05-2009, 20:54   Re: things to protect your game server

Quote:
Originally Posted by BrutalGoerge
If you have Linux and shell access, nothing beats these iptables rules for RCON exploit protection.
That way you block all TCP requests to the server and have a whitelist of IPs that you allow to access RCON.

cmer is the one who originally posted it here.

eth0, assuming that's where your internet lives

Code:
iptables -A INPUT -i eth0 -p tcp --dport 27015 -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 27015 -s My_ip -j ACCEPT

iptables-save > /etc/sysconfig/iptables

This should have been built straight into the source engine!


/me wonders if this could be hacked in by an extension... most gameserver hosts do not allow shell access
Last edited by Timiditas; 10-05-2009 at 20:57.
cmer
Member
Join Date: Apr 2009
10-08-2009, 02:57   Re: things to protect your game server

If you have the opportunity to manage your firewalls, there is also the rule:

Code:
# Create the chain that rejects the UDP flood of length 28
iptables -N REJECT_FLOOD28
iptables -A REJECT_FLOOD28 -j LOG --log-prefix 'IPTABLES-FLOOD LENGTH 28: ' --log-level info
iptables -A REJECT_FLOOD28 -j DROP

# Drop flood packets by packet length on UDP
iptables -A INPUT -i eth0 -p udp --dport 27015 -m length --length 28 -j REJECT_FLOOD28
iptables -A INPUT -i eth0 -p udp --dport 27025 -m length --length 28 -j REJECT_FLOOD28
iptables -A INPUT -i eth0 -p udp --dport 27050 -m length --length 28 -j REJECT_FLOOD28
iptables -A INPUT -i eth0 -p udp --dport 28000 -m length --length 28 -j REJECT_FLOOD28
iptables -A INPUT -i eth0 -p udp --dport 29000 -m length --length 28 -j REJECT_FLOOD28


# Create the chain that rejects the UDP flood of length 46
iptables -N REJECT_FLOOD46
iptables -A REJECT_FLOOD46 -j LOG --log-prefix 'IPTABLES-FLOOD LENGTH 46: ' --log-level info
iptables -A REJECT_FLOOD46 -j DROP

# Drop flood packets by packet length on UDP
iptables -A INPUT -i eth0 -p udp --dport 27015 -m length --length 46 -j REJECT_FLOOD46
iptables -A INPUT -i eth0 -p udp --dport 27025 -m length --length 46 -j REJECT_FLOOD46
iptables -A INPUT -i eth0 -p udp --dport 27050 -m length --length 46 -j REJECT_FLOOD46
iptables -A INPUT -i eth0 -p udp --dport 28000 -m length --length 46 -j REJECT_FLOOD46
iptables -A INPUT -i eth0 -p udp --dport 29000 -m length --length 46 -j REJECT_FLOOD46

You have the IP of the people you DDOS in /var/log/message and someone will drop the firewalls.
All times are GMT -4.