[cod] CoD4- UDP fllod
John
lists.cod at nuclearfallout.net
Wed Feb 29 03:28:45 EST 2012
On 2/28/2012 11:17 PM, John wrote:
> On 2/28/2012 11:00 PM, RedDragon wrote:
>> are there some iptable rules wich blocks these shit completely
>> without any restrictions to rcon tools?
>
> Anything that does excessive getstatus queries will (and should) be
> blocked with any effective solutions, regardless of the tool behind
> those queries.
>
> If you have problems with one of your query tools sending too many
> queries per second and becoming blocked, you can bump up the limit in
> the iptables rules, and they'll still probably work just fine. Most
> attacks send in excess of 50 queries per second, so the default rules
> are very conservative. Just tweak the number to what works well for
> you, based on the attacks that you see and the tools that you run.
> (Your tools really should not be sending "getstatus" many times per
> second, though.)
Also, you could whitelist a specific IP by inserting a rule that skips
the other checks on it. After adding the rest of the rules, something like:
iptables -I INPUT -s your.ip.address -j ACCEPT
-John
More information about the cod
mailing list