iptables help needed.
#1
Perhaps this is the wrong forum to post this into. Then feel free to move the topic to its proper place.

Not SRCDS related, but related to the security of my box, running a new Debian 6.0.

gcc (Debian 4.4.5-8) 4.4.5
ldd (Debian EGLIBC 2.11.2-10) 2.11.2

kernel:
2.6.33.5-zen3-ub-1000hz
from: http://www.ulrich-block.de/

When I execute this script to limit packets,
Code:
# iptables binary; the full script sets this elsewhere, it is shown here
# (assumed path) so the snippet is complete on its own
IPTABLES=/sbin/iptables

# Ports Game - SRCDS + SourceTV + Query (an a:b port range)
GPORTS='
        27015:30095
'

# Drop DOS exploit packages for SRCDS games
# Payloads beginning ff ff ff ff 54/55/56/57 are the Source query requests
# (info, players, rules, challenge); each type is accepted at a limited rate
# and dropped beyond it.
# The commands are run directly; the original backticks wrapped them in
# command substitution, which is not what is wanted here.
for i in $GPORTS
do
        $IPTABLES -A INPUT -m udp -p udp --dport $i -m string --algo bm --hex-string '|ffffffff54|' -m limit --limit 1/s --limit-burst 1 -j ACCEPT
        $IPTABLES -A INPUT -m udp -p udp --dport $i -m string --algo bm --hex-string '|ffffffff54|' -j DROP
        $IPTABLES -A INPUT -m udp -p udp --dport $i -m string --algo bm --hex-string '|ffffffff55|' -m limit --limit 1/s --limit-burst 1 -j ACCEPT
        $IPTABLES -A INPUT -m udp -p udp --dport $i -m string --algo bm --hex-string '|ffffffff55|' -j DROP
        $IPTABLES -A INPUT -m udp -p udp --dport $i -m string --algo bm --hex-string '|ffffffff56|' -m limit --limit 1/s --limit-burst 1 -j ACCEPT
        $IPTABLES -A INPUT -m udp -p udp --dport $i -m string --algo bm --hex-string '|ffffffff56|' -j DROP
        $IPTABLES -A INPUT -m udp -p udp --dport $i -m string --algo bm --hex-string '|ffffffff57|' -m limit --limit 1/s --limit-burst 1 -j ACCEPT
        $IPTABLES -A INPUT -m udp -p udp --dport $i -m string --algo bm --hex-string '|ffffffff57|' -j DROP
done

I get an error:
Quote:
iptables v1.4.8: unknown option `--dport'
Try `iptables -h' or 'iptables --help' for more information.

Please help.

#2
Nobody?
#3
Just tried your iptables script on my server. Debian 6.0-vanillaish.

I did not get any errors.
The only thing I changed was $IPTABLES to $IPT, since my var is IPT="/sbin/iptables"; apart from that, we should be using the same script and iptables config.

Is it a snippet of your script you've posted or is it the whole file?
#4
It's a snippet.
#5
http://help.lockergnome.com/linux/iptables-v1-dport-unknown-argument--ftopict392432.html

Might help.
http://leaf.dragonflybsd.org/~gary

“The two most common elements in the universe are hydrogen and stupidity.”
#6
Monk wrote (02-24-2011, 06:06 PM):
http://help.lockergnome.com/linux/iptables-v1-dport-unknown-argument--ftopict392432.html

Might help.

Thanks Monk... that helped.


Code:
# iptables binary and port range as used by the rest of the script
# (assumed values, shown so the snippet runs on its own)
IPTABLES=/sbin/iptables
GPORTS='27015:30095'

# Drop DOS exploit packages for SRCDS games
# --destination-port is the long form of --dport that iptables 1.4.8 here
# accepts; the limit is now 5/s with a burst of 1 per query type.
# Commands are run directly, without the original backticks.
for i in $GPORTS
do
        $IPTABLES -A INPUT -m udp -p udp --destination-port $i -m string --algo bm --hex-string '|ffffffff54|' -m limit --limit 5/s --limit-burst 1 -j ACCEPT
        $IPTABLES -A INPUT -m udp -p udp --destination-port $i -m string --algo bm --hex-string '|ffffffff54|' -j DROP
        $IPTABLES -A INPUT -m udp -p udp --destination-port $i -m string --algo bm --hex-string '|ffffffff55|' -m limit --limit 5/s --limit-burst 1 -j ACCEPT
        $IPTABLES -A INPUT -m udp -p udp --destination-port $i -m string --algo bm --hex-string '|ffffffff55|' -j DROP
        $IPTABLES -A INPUT -m udp -p udp --destination-port $i -m string --algo bm --hex-string '|ffffffff56|' -m limit --limit 5/s --limit-burst 1 -j ACCEPT
        $IPTABLES -A INPUT -m udp -p udp --destination-port $i -m string --algo bm --hex-string '|ffffffff56|' -j DROP
        $IPTABLES -A INPUT -m udp -p udp --destination-port $i -m string --algo bm --hex-string '|ffffffff57|' -m limit --limit 5/s --limit-burst 1 -j ACCEPT
        $IPTABLES -A INPUT -m udp -p udp --destination-port $i -m string --algo bm --hex-string '|ffffffff57|' -j DROP
done


If you or anyone else can look at these rules... what limit should be OK?
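To reason about the "what limit should be OK?" question, the following added example (not code from the thread or from any of its posters) models the iptables limit match as a token bucket and replays a constructed packet trace through it: seven legitimate A2S_INFO queries half a second apart, plus a burst of fifty queries from a second source. It assumes xt_limit behaves as a bucket whose capacity is --limit-burst and whose refill rate is --limit, starting full; the per-source variant is a simplified model of what -m hashlimit --hashlimit-mode srcip provides and ignores that match's table-size and expiry settings. Addresses, timings and payloads are constructed.

```python
"""Token-bucket model of the iptables 'limit' match over a constructed trace.

Assumption: the limit match is a token bucket with capacity --limit-burst,
refilled at --limit tokens per second, initially full. Per-source mode is a
simplified stand-in for hashlimit --hashlimit-mode srcip (table size and entry
expiry are not modelled). All timings and addresses are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Source query request headers the thread's rules match on: four 0xff bytes
# followed by the request type ('T' info, 'U' players, 'V' rules, 'W' challenge).
QUERY_HEADERS = {bytes([0xFF, 0xFF, 0xFF, 0xFF, b]) for b in (0x54, 0x55, 0x56, 0x57)}


@dataclass
class Packet:
    t_ms: int        # arrival time in milliseconds (integers avoid float drift)
    src: str         # constructed source label standing in for an IP address
    payload: bytes


class LimitBucket:
    """Integer token bucket: 1000 milli-tokens pay for one packet."""

    def __init__(self, rate_per_s: int, burst: int, t_ms: int) -> None:
        self.rate = rate_per_s
        self.cap = burst * 1000
        self.tokens = self.cap       # the match starts with a full burst
        self.last_ms = t_ms

    def allow(self, t_ms: int) -> bool:
        # rate packets per second == rate milli-tokens per millisecond
        self.tokens = min(self.cap, self.tokens + (t_ms - self.last_ms) * self.rate)
        self.last_ms = t_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


def constructed_trace() -> List[Packet]:
    """A legitimate client querying every 0.5 s, a game-data packet that the
    string match ignores, and a 50-packet query burst from another source."""
    info = bytes.fromhex("ffffffff54")                       # A2S_INFO header
    legit = [Packet(t, "legit-client", info) for t in range(0, 3001, 500)]
    game = [Packet(100, "legit-client", b"\x01\x02\x03\x04")]  # not a query
    flood = [Packet(1000 + 10 * k, "flooder", info) for k in range(50)]
    # stable sort: on equal timestamps the legitimate packet is seen first
    return sorted(legit + game + flood, key=lambda p: p.t_ms)


def simulate(packets: List[Packet], rate_per_s: int, burst: int,
             per_source: bool = False) -> Dict[str, Tuple[int, int]]:
    """Return {source: (accepted, dropped)} for packets the string match hits.

    per_source=False is one shared bucket, as with -m limit.
    per_source=True keys a bucket by source, as with hashlimit-mode srcip.
    """
    buckets: Dict[str, LimitBucket] = {}
    stats: Dict[str, List[int]] = {}
    for p in packets:
        if p.payload[:5] not in QUERY_HEADERS:
            continue                      # rule does not apply to this packet
        key = p.src if per_source else "*"
        if key not in buckets:
            buckets[key] = LimitBucket(rate_per_s, burst, p.t_ms)
        accepted = buckets[key].allow(p.t_ms)
        counts = stats.setdefault(p.src, [0, 0])
        counts[0 if accepted else 1] += 1
    return {src: (c[0], c[1]) for src, c in stats.items()}


if __name__ == "__main__":
    trace = constructed_trace()
    for label, rate, per_src in (("--limit 1/s, shared bucket", 1, False),
                                 ("--limit 5/s, shared bucket", 5, False),
                                 ("5/s, bucket per source", 5, True)):
        print(label)
        for src, (ok, dropped) in simulate(trace, rate, 1, per_src).items():
            print(f"  {src:13s} accepted={ok:2d} dropped={dropped:2d}")
```

Running it shows why the thread moved from 1/s to 5/s: with a shared bucket at 1/s and burst 1, a client querying twice a second loses every other query even with no attacker present, while at 5/s the legitimate client loses only the query that lands inside the burst. It also shows the cost of a shared bucket: during the burst the flooder and the legitimate client compete for the same tokens, which a per-source bucket avoids at the price of letting a few more of the burst's own packets through.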

