
Secure linux game server (cod1,2,4)


Admin
Administrator

Linux server protection with iptables.


#Getstatus flood protect
iptables -A OUTPUT -p UDP -m length --length 1162:1168 -j DROP
iptables -A FORWARD -p UDP -m length --length 1162:1168 -j DROP
iptables -A INPUT -p UDP -m length --length 1162:1168 -j DROP
iptables -A INPUT -p udp -m length --length 42 -m recent --set --name getstatus_cod
iptables -A INPUT -p udp -m string --algo bm --string "getstatus" -m recent --update --seconds 1 --hitcount 20 --name getstatus_cod -j DROP

#Kick fake connections
iptables -A INPUT iptables -A INPUT -m string --algo bm --string "connect" -m recent --set --name CONNECT
iptables -A INPUT iptables -A INPUT -m recent --update --seconds 1 --hitcount 2 --name CONNECT -j REJECT --reject-with icmp-port-unreachable

#q3msgboom exploit fix (28960 change to your server port)
iptables -A INPUT -p udp --dport 28960 -m length --length 600:0xFFFF -j DROP

#sprintf() exploit fix (28960 change to your server port)
iptables -A INPUT -p udp --dport 28960 -m length --length 1000:2000 -j REJECT
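
The two `-m recent` rules in the getstatus block above act as a per-source hit counter. The following Python sketch is an added example, not part of the original post; it models that counting on constructed traffic. It is a simplified model of the kernel's recent match and assumes the default of 20 stored timestamps per source and that every query is 42 bytes long and contains the string "getstatus".

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # assumed xt_recent default: timestamps kept per source


class RecentList:
    """Simplified model of one named `-m recent` list (e.g. getstatus_cod)."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now_ms):
        # --set: record this source with a fresh timestamp; always matches.
        self.stamps[src].append(now_ms)

    def update(self, src, now_ms, seconds, hitcount):
        # --update --seconds S --hitcount H: match when the source already has
        # at least H timestamps in the last S seconds; a match adds a new one.
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if t >= now_ms - seconds * 1000)
        if hits >= hitcount:
            self.stamps[src].append(now_ms)
            return True
        return False


def filter_getstatus(packets, seconds=1, hitcount=20):
    """packets: (time_ms, src) queries; returns {src: [accepted, dropped]}."""
    recent = RecentList()
    result = defaultdict(lambda: [0, 0])
    for now_ms, src in sorted(packets):
        recent.set(src, now_ms)                                  # length-42 rule
        dropped = recent.update(src, now_ms, seconds, hitcount)  # string rule
        result[src][1 if dropped else 0] += 1
    return dict(result)


def sample_traffic():
    # Constructed traffic (documentation addresses): one source sends 50
    # queries/s for 2 s, another polls once every 2 s for 10 s.
    flood = [(i * 20, "198.51.100.7") for i in range(100)]
    poll = [(i * 2000, "203.0.113.5") for i in range(5)]
    return flood + poll


if __name__ == "__main__":
    for src, (ok, dropped) in filter_getstatus(sample_traffic()).items():
        print(f"{src}: accepted={ok} dropped={dropped}")
```

In this model a source stays dropped for as long as it keeps sending, because each dropped packet refreshes its timestamps; it passes again once it has been quiet for longer than `--seconds`.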

Post #2 16.03.2016, 19:29
LaRocca
VIP

# 3 connections limit for one ip address to port 28960 (Quake 3 engine fake players fix)
iptables -A INPUT -p udp --dport 28960 -m connlimit --connlimit-above 3 -j DROP

Post #3 08.03.2017, 22:18

2 little Mistakes:
#Kick fake connections
iptables -A INPUT iptables -A INPUT -m string --algo bm --string "connect" -m recent --set --name CONNECT
iptables -A INPUT iptables -A INPUT -m recent --update --seconds 1 --hitcount 2 --name CONNECT -j REJECT --reject-with icmp-port-unreachable

2 times "iptables -A INPUT"

# 3 connections limit for one ip address to port 28960 (Quake 3 engine fake players fix)
iptables -A INPUT -p udp --dport 28960 -m connlimit --connlimit-above 3 -j DROP

Is not needed because of
#Kick fake connections
iptables -A INPUT iptables -A INPUT -m string --algo bm --string "connect" -m recent --set --name CONNECT
iptables -A INPUT iptables -A INPUT -m recent --update --seconds 1 --hitcount 2 --name CONNECT -j REJECT --reject-with icmp-port-unreachable

