Iptables configuration
#1
I tried this tutorial on how to set up iptables for a SA-MP server to defend against DDoS attacks.
After adding the commands, the server on port 7777 won't work anymore. I don't know why; maybe I missed something or didn't install something correctly.
I'm using Debian 8 and the tutorial, I think, was made for CentOS 7. Would anyone help, please?
Watch this beauty till the end..

#2
I think firewalls are redundant when UFW exists. It's so simple and easy to use that even my grandma can use it. iptables on the other hand is complicated,
No one knows what the future holds, that's why its potential is infinite
#3
To control iptables without touching the default settings of iptables, ufw is the one and only great thing, especially for newbies, and nothing bad can happen while using it. It simply has multiple options to block and allow routes of IPs and ports, incoming and outgoing. And if you get stuck somewhere, you can stop services or set it back to default.
Heart LOVE FOR ALL  HATRED FOR NONE Heart
#4
iptables is always the same regardless of the Linux distribution used. ufw is a frontend to make iptables usage easier.

The rules that you used from the guide are either wrong (as in misconfigured) or you trigger the block when you connect to the server and get kicked off by the firewall.

You can't stop DDoS using just iptables. DDoS originates from multiple sources and a lot of attackers. All of these articles claiming that you can use iptables on the same machine to stop DDoS attacks are misleading and wrong! You can stop attacks from single attackers (that is DoS not DDoS) by blocking them with iptables, though.
#5
(05-10-2019, 04:57 AM)Hidden Refuge Wrote: iptables is always the same regardless of the Linux distribution used. ufw is a frontend to make iptables usage easier.

The rules that you used from the guide are either wrong (as in misconfigured) or you trigger the block when you connect to the server and get kicked off by the firewall.

You can't stop DDoS using just iptables. DDoS originates from multiple sources and a lot of attackers. All of these articles claiming that you can use iptables on the same machine to stop DDoS attacks are misleading and wrong! You can stop attacks from single attackers (that is DoS not DDoS) by blocking them with iptables, though.

It's not the server kicking me. While I was adding those rules it was working; then, when I start it via the panel, it won't work. I tried changing the server port to another one and it works fine, but with port 7777 it wouldn't, so I'm asking for a solution.
Watch this beauty till the end..

#6
So what is the exact issue now? You cannot connect to game servers running on port 7777, or the game server won't even start when you attempt to run it on port 7777? These are two different issues, of which one is unrelated to the firewall subject.

If it is the first: as you said the issues started after you applied these firewall rules. So my statements still stay valid unless proven otherwise. The issues are within these firewall rules that either a) they are misconfigured or b) they work and you somehow trigger them to the point that your connection to the game server is dropped. In this case of course a server on a different port will work because the firewall rules are ONLY for port 7777.

If it is the second case: I have no idea. Sorry. I never played SA-MP/MTA or whatever there exists to play GTA online and neither have I bothered around with these game panels and how exactly their magic works.
#7
The server software won't run on a specific port most probably because something else is already using the port.

Make sure that the specific port (7777) is not used by any other process.

For DDoS protection, unfortunately most game servers use the UDP protocol, which is much harder to protect from DDoS. There is some 'sort of' protection by some hosting providers for UDP, but not much.
Terminal
humanpuff69@FPAX:~$ Thanks To Shadow Hosting And Post4VPS for VPS 5
#8
After a lot of tries, reinstalling the whole VPS and trying again, I found exactly where the issue comes from.
It comes from this command:
iptables -A INPUT -p udp --dport 7777 -m limit --limit 6/s --limit-burst 12 -j DROP
Can you now figure it out?
Watch this beauty till the end..

#9
The problematic rule that you isolated is rate limiting connections to port 7777. It limits the port to 6 connections per second on port 7777, with bursts of up to 12 connections per second globally (meaning all possible connections to that port). And I would easily assume that generally, when you connect or others connect, there are way more than 6 - 12 connections being opened up on port 7777. So well... you get kicked out because the firewall gets triggered exactly through that problematic rule and terminates all new connections.

https://linux.die.net/man/8/iptables Wrote:
limit

This module matches at a limited rate using a token bucket filter. A rule using this extension will match until this limit is reached (unless the '!' flag is used). It can be used in combination with the LOG target to give limited logging, for example.
--limit rate
   Maximum average matching rate: specified as a number, with an optional '/second', '/minute', '/hour', or '/day' suffix; the default is 3/hour.
--limit-burst number
   Maximum initial number of packets to match: this number gets recharged by one every time the limit specified above is not reached, up to this number; the default is 5.
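The token bucket described in the man page excerpt above, applied to the rule from post #8, as an added example that is not part of any post in this thread. It is a simplified model of the `limit` match (the kernel counts in its own time units), and it assumes evenly spaced packets and that whatever follows the rule in the chain gives the `fallthrough` verdict; `LimitMatch` and `run` are names made up for this sketch.

```python
class LimitMatch:
    """Simplified model of `-m limit --limit <rate>/s --limit-burst <burst>`."""

    def __init__(self, rate, burst):
        self.rate = rate              # tokens refilled per second (--limit)
        self.burst = burst            # bucket capacity (--limit-burst)
        self.tokens = float(burst)    # the bucket starts full
        self.last = 0.0               # time of the previous packet

    def matches(self, now):
        # Refill for the elapsed time, never above the burst size.
        refill = (now - self.last) * self.rate
        self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True    # within the limit: the rule matches, -j target applies
        return False       # limit reached: no match, packet goes to the next rule


def run(target, pps, seconds=5, fallthrough="ACCEPT"):
    """Send `pps` evenly spaced packets per second through one limit rule.

    target      -- verdict of the rule itself (its -j argument)
    fallthrough -- assumed verdict of the rest of the chain or the policy
    """
    rule = LimitMatch(rate=6, burst=12)       # values from the rule in post #8
    verdicts = {"ACCEPT": 0, "DROP": 0}
    for i in range(pps * seconds):
        hit = rule.matches(i / pps)
        verdicts[target if hit else fallthrough] += 1
    return verdicts


if __name__ == "__main__":
    # Rule as posted: the packets that stay within the limit are dropped.
    print("as posted, 4 pps :", run("DROP", pps=4))
    print("as posted, 64 pps:", run("DROP", pps=64))
    # Inverted form: accept within the limit, drop whatever exceeds it.
    print("inverted,  4 pps :", run("ACCEPT", pps=4, fallthrough="DROP"))
    print("inverted,  64 pps:", run("ACCEPT", pps=64, fallthrough="DROP"))
```

In this model the posted rule drops every packet of a sender that stays under 6 packets per second and lets most of a faster stream fall through to the next rule. The bucket belongs to the rule, not to a source address, so all clients of port 7777 share it; per-source limits are what the `hashlimit` match provides.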
#10
Hmmm, so there is no solution to fix or edit that command? Did I miss something? Because I didn't edit any command from that site. What I really need is a solution.
Watch this beauty till the end..
