  1. # create chain
  2. /sbin/iptables -N quake3_ddos
  3.  
  4. # accept real client/player traffic
  5. /sbin/iptables -A quake3_ddos -m u32 ! --u32 "0x1c=0xffffffff" -j ACCEPT
  6.  
  7. # match "getstatus" queries and remember their address
  8. /sbin/iptables -A quake3_ddos -m u32 --u32 "0>>22&0x3C@ 12=0x67657473 && 0>>22&0x3C@  16=0x74617475" -m recent --name getstatus --set
  9. /sbin/iptables -A quake3_ddos -m u32 --u32 "0>>22&0x3C@ 12=0x67657469 && 0>>22&0x3C@  16&0xFFFFFF00=0x6e666f00"  -m recent --name getinfo --set
  10.  
  11.  
  12. # drop packet if "hits" per "seconds" is reached
  13. #
  14. # NOTE: if you run multiple servers on a single host, you will need to higher these limits
  15. # as otherwise you will block regular server queries, like Spider or QConnect
  16. # e.g. they will query all of your servers within a second to update the list
  17. /sbin/iptables -A quake3_ddos -m recent --update --name getstatus --hitcount 20 --seconds 2 -j DROP
  18. /sbin/iptables -A quake3_ddos -m recent --update --name getinfo --hitcount 20 --seconds 2 -j DROP
  19.  
  20.  
  21. /sbin/iptables -A INPUT -p UDP -m length --length 42 -m recent --set --name getstatus_game
  22. /sbin/iptables -A INPUT -p UDP -m length --length 42 -m recent --set --name getinfo_game
  23. /sbin/iptables -A INPUT -p UDP -m string --algo bm --string "getstatus" -m recent --update --seconds 2 --hitcount 20 --name getstatus_game -j DROP
  24. /sbin/iptables -A INPUT -p UDP -m string --algo bm --string "getinfo" -m recent --update --seconds 2 --hitcount 20 --name getstatus_game -j DROP
  25.  
  26. # accept otherwise
  27. /sbin/iptables -A quake3_ddos -j ACCEPT
  28.  
  29. #
  30. #
  31. # finally insert the chain as the top most input filter
  32.  
  33. # single server
  34. # iptables -I INPUT 1 -p udp --dport 27960 -j quake3_ddos
  35.  
  36. # multiple servers
  37. /sbin/iptables -I INPUT 1 -p UDP --destination-port 27950 -j quake3_ddos
  38. /sbin/iptables -I INPUT 1 -p UDP --destination-port 27960 -j quake3_ddos
  39. /sbin/iptables -I INPUT 1 -p UDP --destination-port 27961 -j quake3_ddos
  40. /sbin/iptables -I INPUT 1 -p UDP --destination-port 27962 -j quake3_ddos