[Mavrick4283]

Ya it is, i have used port knocking set up's before but in the end for my game servers i found it to be 2 much. I like to be able to ssh from my droid or any where i can grab a shell I just have a Iron Key USB drive with my pub key on it.

[sake]

Yeah. We will see, what I do in the future .

[Mavrick4283]

https://forums.alliedmods.net/showthread.php?t=166037

Told you i do another tut for non iptable stuff

[sake]

Hmm Thanks for that. Looks like I have some work to do (Especially the jails).

[mehmetali]

Hey, good tutorial

I block tcp 27015 port, but gameme stats is broken. rank top10 commands unavailable

How to allow some IP addresses can only to 27015 tcp port, gameme whether to allow the ip address, I will provide the statistics to work

Thanks

[Mavrick4283]

Quote:

Originally Posted by mehmetali Hey, good tutorial I block tcp 27015 port, but gameme stats is broken. rank top10 commands unavailable How to allow some IP addresses can only to 27015 tcp port, gameme whether to allow the ip address, I will provide the statistics to work Thanks

This tut was meant for new admin to get a start on there firewalls i put up all the docs that you need. But scene gameme is used by ALOT of people.


iptables -A INPUT -s <Gameme ipaddresses> --jump ACCEPT


Edit: the info for Game ME firewall rules can be found here. http://www.gameme.com/docs/setup/firewall

[mehmetali]

Thanks so much

[sake]

About the Portknocking stuff:

I want to protect RCON via Portknocking. But the thing is that I don't know which of the ports has to do with it. I've tried 27015/tcp but didn't work.

knockd.conf:

PHP Code:

  1 [options]
  2     logfile = /var/log/knockd.log
  3
  4 [openSSH]
  5     sequence    = xxxxxxxxxxx,xxxxxxxxxx,xxxxxxxx
  6     seq_timeout = 5
  7     start_command     = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport xxxxxxxx -j ACCEPT
  8     tcpflags    = syn
  9     cmd_timeout = 60
 10     stop_command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport xxxxxxxxx -    j ACCEPT 


What i did to this is that i copied the whole openSSH stuff and renamed it to RCON, changed the ports and adjusted the port in the start and stopcommand to 27015. But it didn't work out, because even after deleting 27015 out of the iptables/ufw-firewall I could connect via HLSW without even knocking the tiniest bit .

[Mavrick4283]

Try this

Code:

[options]
    logfile = /var/log/knockd.log
[RCON 27015]
    sequence      = 1:udp,2:tcp,3:udp
    seq_timeout   = 15
    tcpflags      = syn,ack
   start_command      = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 27015 -j ACCEPT
    cmd_timeout        = 5
    stop_command       = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 27015 -j ACCEPT

You also have to make sure that you are not allowing traffic in your firewall to start with or this has no effect.

Type

Code:

iptables -L

And see if you are allowing TCP traffic to your game server ( AKA Rcon traffic)

If you are still having problems please post or PM your entire firewall CFG

[sake]

Okay. will try this. Thanks .