
firewall Linux

ead (User)

Hello everyone,

I want to know if you know any good method to help against DDoS attacks.

Re: firewall Linux

Ajmin (User)

@ead: I already inserted a URL in your old thread for the easiest way to drop UDP packets!

Re: firewall Linux

ead (User)

And is it nice to also have this in the firewall?

iptables -A OUTPUT -p tcp -m length --length 0:28 -j DROP
iptables -A OUTPUT -p udp -m length --length 0:28 -j DROP

iptables -A FORWARD -p tcp -m length --length 0:28 -j DROP
iptables -A FORWARD -p udp -m length --length 0:28 -j DROP

Re: firewall Linux

ead (User)

What is best to use in iptables on a Linux server? Does anyone know?

Re: firewall Linux

DC (Admin)

The minimum rule you should have is listed at
http://www.cs2d.com/security.php
It is very easy for attackers to kill your server if you aren't using this rule.

The other rules you posted are pointless. Especially the TCP rules. CS2D servers don't use TCP and the TCP header also doesn't have a size of 28 bytes so the 0:28 size range is simply wrong. The UDP output/forward rules seem okay but they are probably not necessary.
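
Added example (not code from the thread or from CS2D): a short Python check of which payload sizes a "-m length" rule can ever match. It assumes the length match compares the total IPv4 packet length, i.e. a 20-byte IP header without options plus the transport header plus the payload; the function names are made up for this illustration.

```python
import shlex

IPV4_HEADER = 20                      # assumed: minimum IPv4 header, no options
L4_HEADER = {"udp": 8, "tcp": 20}     # minimum transport header sizes in bytes
MAX_IP_LEN = 65535                    # largest value of the IPv4 total-length field

def parse_rule(rule):
    """Extract (protocol, low, high) from an iptables command line."""
    tokens = shlex.split(rule)
    proto = tokens[tokens.index("-p") + 1].lower()
    spec = tokens[tokens.index("--length") + 1]
    low, sep, high = spec.partition(":")
    lo = int(low) if low else 0
    # "a:" means open-ended, a bare "a" means exactly a bytes
    hi = int(high) if high else (MAX_IP_LEN if sep else lo)
    return proto, lo, hi

def matched_payload(rule):
    """Return (min, max) payload bytes the rule can match, or None when no
    well-formed packet of that protocol is short enough to match."""
    proto, lo, hi = parse_rule(rule)
    overhead = IPV4_HEADER + L4_HEADER[proto]
    if hi < overhead:
        return None
    return max(lo - overhead, 0), hi - overhead

# The four rules as posted in the thread.
THREAD_RULES = [
    "iptables -A OUTPUT -p tcp -m length --length 0:28 -j DROP",
    "iptables -A OUTPUT -p udp -m length --length 0:28 -j DROP",
    "iptables -A FORWARD -p tcp -m length --length 0:28 -j DROP",
    "iptables -A FORWARD -p udp -m length --length 0:28 -j DROP",
]

def report(rules=THREAD_RULES):
    """Build one human-readable verdict per rule."""
    lines = []
    for rule in rules:
        proto, _, _ = parse_rule(rule)
        result = matched_payload(rule)
        if result is None:
            smallest = IPV4_HEADER + L4_HEADER[proto]
            verdict = f"never matches: smallest {proto} packet is {smallest} bytes"
        else:
            verdict = f"matches {proto} payloads of {result[0]}..{result[1]} bytes"
        lines.append(f"{rule}\n    -> {verdict}")
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
```

Under that assumption the two TCP rules can never match a well-formed packet, while the UDP rules match only datagrams with an empty payload.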

Re: firewall Linux

ead (User)

@DC:
@sheeL:

Thanks, I'm already using these and other rules, such as this one to allow ping.

iptables -A INPUT -d IP Address -p icmp -j ACCEPT

This rule is good

Re: firewall Linux

tontonEd (User)

The server latency isn't a ping/ICMP request.
It is the delay time between the moment when you send the UDP packet and the moment when you receive it,
aka round-trip delay time.

Re: firewall Linux

DC (Admin)

The rule to accept the ICMP ping message is not necessary unless you have other rules which block it.

Re: firewall Linux

ead (User)

iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 8 -j DROP

I tried to use the rule that @sheeL passed along, but it blocks my FTP.

Then I have to remove it to get my FTP access back.

I think this rule is good

Re: firewall Linux

tontonEd (User)

No, it doesn't.
IMG:https://img4.hostingpics.net/thumbs/mini_513484ScreenShot123114at1252AM.png

That's what is happening in practice:
Time1 - cs2d client : hey server here?
Time2 - cs2d client : what's your name?
Time3 - cs2d server : yes
Time4 - cs2d server : my name is blabla

latency = Time3 - Time1

Re: firewall Linux

DC (Admin)

@ead: As user sheeL and me already stated: CS2D does NOT use TCP! So ANY rule which contains "-p tcp" will NOT affect CS2D. Neither in a good nor in a bad way. So if you're just talking about securing CS2D in this thread then you can simply skip and ignore ALL rules which contain "-p tcp". They are unrelated and won't help. Only rules which contain "-p udp" can affect CS2D.

Re: firewall Linux

ead (User)

I'm using CSF for the firewall on a VPS server. Is CSF good for protection as well?