sirplease / iptables Goto Github PK

Hi,

I have been using this Iptables file for my game server (L4D) but some attacks still pass through. Recently I have captured it using tcpdump and tried to analyze it in Wireshark. The packet length is usually 50 Bytes with an error spamming in the game server console "Invalid split packet length 8". The traffic per second is 265 kbps and ~15000 packets/ 30 seconds. I have 5 pcap files that showed legit players usually only send up to ~5000 packets/30 seconds while DDOS attacks use so much more (in my case 15000 is the minimum). I wonder if we should add rules that use hit count such as this? Or if there is already a reason why we don't already have that rule?

iptables -I INPUT -p udp --dport $UDP_PORTS_PROTECTION -m state --state NEW -m recent --set
iptables -I INPUT -p udp --dport $UDP_PORTS_PROTECTION -m state --state NEW -m recent --update --seconds 30 --hitcount 8000 -j DROP

I'm still new to Iptables and not sure how I would integrate this into your existing bash script. I tried to append it to your "UDPfilter" chain but I got this error below instead:

iptables v1.8.7 (nf_tables):  RULE_APPEND failed (Invalid argument): rule in chain UDPfilter

Please help, thanks!

Fixed. Port issue :)