
firewall Linux

15 replies

firewall Linux

ead
User

Hello everyone,

I want to know if you know any good method to help against DDoS attacks.

Re: firewall Linux

Ajmin
User

@ead: I already inserted a URL in your old thread for the easiest way to drop UDP packets!

Re: firewall Linux

ead
User

And is it nice to also have these in the firewall?

iptables -A OUTPUT -p tcp -m length --length 0:28 -j DROP
iptables -A OUTPUT -p udp -m length --length 0:28 -j DROP

iptables -A FORWARD -p tcp -m length --length 0:28 -j DROP
iptables -A FORWARD -p udp -m length --length 0:28 -j DROP

Re: firewall Linux

ead
User

What are the best iptables rules to use on a Linux server? Does anyone know?

Re: firewall Linux

DC
Admin

The minimum rule you should have is listed at
http://www.cs2d.com/security.php
It is very easy for attackers to kill your server if you aren't using this rule.

The other rules you posted are pointless. Especially the TCP rules. CS2D servers don't use TCP and the TCP header also doesn't have a size of 28 bytes so the 0:28 size range is simply wrong. The UDP output/forward rules seem okay but they are probably not necessary.

Re: firewall Linux

ead
User

@DC:
@sheeL:

Thanks, I'm already using these and other rules, such as this one to allow ping.

iptables -A INPUT -d <IP address> -p icmp -j ACCEPT

This rule is good.

Re: firewall Linux

tontonEd
User

The server latency isn't a ping/ICMP request.
It is the delay time between the moment when you send the UDP packet and the moment when you receive it,
aka round-trip delay time.

Re: firewall Linux

DC
Admin

The rule to accept the ICMP ping message is not necessary unless you have other rules which block it.

Re: firewall Linux

ead
User

iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 8 -j DROP

I tried to use the rule that @sheeL gave, but it blocks my FTP.

Then I have to remove it to get FTP access back.

I think this rule is good.
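
Why the `--limit 1/s --limit-burst 8 -j DROP` rule above cuts off FTP, as an added example that is not part of the original post: the `limit` match is true while packets stay within the rate, so pairing it with DROP discards the in-rate SYNs and lets only the excess fall through. The Python model below is a simplified token bucket; the function names, the sample traffic and the assumption that a later rule handles unmatched packets are constructed for illustration.

```python
"""Simplified model of the iptables `limit` match (added example)."""

def limit_match(arrivals, rate_per_s=1.0, burst=8):
    """Return one bool per arrival time (seconds): True if `-m limit` matches.

    Model: the bucket starts with `burst` tokens, refills at `rate_per_s`
    up to `burst`, and a packet matches only if it can take a whole token.
    """
    tokens, last, out = float(burst), None, []
    for t in arrivals:
        if last is not None:
            tokens = min(burst, tokens + (t - last) * rate_per_s)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            out.append(True)
        else:
            out.append(False)
    return out

def verdicts(arrivals, target):
    """Fate of each SYN for `-m limit ... -j <target>`.

    Assumption: packets that do not match reach a later rule with the
    opposite verdict (ACCEPT after a DROP rule, DROP after an ACCEPT rule).
    """
    other = "ACCEPT" if target == "DROP" else "DROP"
    return [target if m else other for m in limit_match(arrivals)]

def summary(arrivals, target):
    """Return (accepted, dropped) counts for the given traffic and target."""
    v = verdicts(arrivals, target)
    return v.count("ACCEPT"), v.count("DROP")

# Constructed input: an FTP client opening one connection every 5 seconds,
# and a burst of 100 SYNs within one second.
ftp_client = [i * 5.0 for i in range(6)]
syn_flood = [i * 0.01 for i in range(100)]

if __name__ == "__main__":
    for name, pkts in (("ftp", ftp_client), ("flood", syn_flood)):
        for target in ("DROP", "ACCEPT"):
            print(name, target, "accepted/dropped =", summary(pkts, target))
```

With `-j DROP` every SYN from the slow FTP client is dropped, while with `-j ACCEPT` followed by a DROP rule the same client gets through and the burst is cut to its first 8 SYNs.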

Re: firewall Linux

tontonEd
User

No, it doesn't.
IMG:https://img4.hostingpics.net/thumbs/mini_513484ScreenShot123114at1252AM.png

That's what is happening in practice:
Time1 - cs2d client : hey server here?
Time2 - cs2d client : what's your name?
Time3 - cs2d server : yes
Time4 - cs2d server : my name is blabla

latency = Time3 - Time1

Re: firewall Linux

DC
Admin

@ead: As sheeL and I already stated: CS2D does NOT use TCP! So ANY rule which contains "-p tcp" will NOT affect CS2D. Neither in a good nor in a bad way. So if you're just talking about securing CS2D in this thread then you can simply skip and ignore ALL rules which contain "-p tcp". They are unrelated and won't help. Only rules which contain "-p udp" can affect CS2D.

Re: firewall Linux

ead
User

I'm using CSF as a firewall on a VPS server. Is CSF really good for protection?