- updating/installing the tf2 server
- ./steamcmd.sh +login anonymous +force_install_dir ../tf2/ +app_update 232250 validate +quit
- starting the server
- ./tf2/srcds_run -steam_dir steamcmd/ -steamcmd_script steamcmd/steamcmd.sh -console +hostname xxxxxxx -ip xxx.xxx.xxx -port xxxxx -game tf +map cp_dustbowl -maxplayers 24
- adding bots
- tf_bot_add 4
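- iptables rules found on the internet (review before applying: -A appends, so rule order matters and an earlier DROP wins over a later ACCEPT)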
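- stop DDoS attacks (note: the TCP rule below drops all TCP to port 27015, so remote RCON on that port is blocked as well)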
- iptables -A INPUT -p tcp --destination-port 27015 -j LOG --log-prefix "SRCDS-RCON " -m limit --limit 1/m --limit-burst 1
- iptables -A INPUT -p tcp --destination-port 27015 -j DROP
- iptables -A INPUT -p udp --destination-port 27015 -m length --length 0:32 -j LOG --log-prefix "SRCDS-XSQUERY " --log-ip-options -m limit --limit 1/m --limit-burst 1
- iptables -A INPUT -p udp --destination-port 27015 -m length --length 0:32 -j DROP
- iptables -A INPUT -p udp --destination-port 27015 -m length --length 2521:65535 -j LOG --log-prefix "SRCDS-XLFRAG " --log-ip-options -m limit --limit 1/m --limit-burst 1
- iptables -A INPUT -p udp --destination-port 27015 -m length --length 2521:65535 -j DROP
- -m hashlimit --hashlimit-mode dstport,dstip --hashlimit-name StopFlood --hashlimit 330/s --hashlimit-burst 66
- iptables -A INPUT -p udp -m state --state ESTABLISH -j ACCEPT
- iptables -A INPUT -p udp -m state --state NEW -m hashlimit --hashlimit-mode srcip,dstport --hashlimit-name StopDoS --hashlimit 1/s --hashlimit-burst 3 -j ACCEPT
- iptables -A INPUT -p udp -m state --state NEW -m hashlimit --hashlimit-mode srcip --hashlimit-name StopDoS --hashlimit 1/s --hashlimit-burst 3 -j ACCEPT
- iptables -A INPUT -p udp -j LOG --log-prefix "UDP-SPAM " --log-ip-options -m limit --limit 1/m --limit-burst 1
- iptables -A INPUT -p udp -j DROP
- Steam iptables from the SteamCMD page
- iptables -A INPUT -p udp -m udp --sport 27000:27030 --dport 1025:65355 -j ACCEPT
- iptables -A INPUT -p udp -m udp --sport 4380 --dport 1025:65355 -j ACCEPT
- Debian iptables
- *filter
- # Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
- -A INPUT -i lo -j ACCEPT
- -A INPUT -d 127.0.0.0/8 -j REJECT
- # Accept all established inbound connections
- -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- # Allow all outbound traffic - you can modify this to only allow certain traffic
- -A OUTPUT -j ACCEPT
- # Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
- -A INPUT -p tcp --dport 80 -j ACCEPT
- -A INPUT -p tcp --dport 443 -j ACCEPT
- # Allow SSH connections
- #
- # The --dport number should be the same port number you set in sshd_config
- #
- -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
- # Allow ping
- -A INPUT -p icmp -j ACCEPT
- # Log iptables denied calls
- -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
- # Drop all other inbound - default deny unless explicitly allowed policy
- -A INPUT -j DROP
- -A FORWARD -j DROP
- COMMIT
- iptables from some web forums
- # Accept anything from localhost
- iptables -A INPUT -s 127.0.0.1/32 --jump ACCEPT
- # FTP
- iptables -A INPUT -p tcp --dport 21 --jump ACCEPT
- #SSH
- iptables -A INPUT -p tcp --dport ssh --jump ACCEPT
- #MySQL (accepts from any source address; add -s to limit it to the hosts that need the database)
- iptables -A INPUT -p tcp --dport 3306 --jump ACCEPT
- #Steam Friends Service
- iptables -A INPUT -p udp --dport 1200 --jump ACCEPT
- #Steam Main UDP
- iptables -A INPUT -p udp --dport 27000 --jump ACCEPT
- #Steam Main TCP
- iptables -A INPUT -p tcp --dport 27020 --jump ACCEPT
- iptables -A INPUT -p tcp --dport 27039 --jump ACCEPT
- #Steam Dedicated Server HLTV
- iptables -A INPUT -p udp --dport 27020 --jump ACCEPT
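- #your server info goes here (the UDP rule below has no --jump target, so as written it only counts matching packets and does not accept them)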
- iptables -A INPUT -p udp -d server-IP --dport server-port
- #allow rcon to those servers
- iptables -A INPUT -p tcp -d server-ip --dport server-port --jump ACCEPT
- #now drop all other traffic to ports 1-1023 (higher ports are not covered by these two rules) :)
- iptables -A INPUT -p tcp --dport 1:1023 --jump DROP
- iptables -A INPUT -p udp --dport 1:1023 --jump DROP
- # Create a chain that logs and drops flood UDP packets of length 28
- iptables -N REJECT_FLOOD28
- iptables -A REJECT_FLOOD28 -j LOG --log-prefix 'IPTABLES-FLOOD LENGTH 28: ' --log-level info
- iptables -A REJECT_FLOOD28 -j DROP
- # Create a chain that logs and drops flood UDP packets of length 46
- iptables -N REJECT_FLOOD46
- iptables -A REJECT_FLOOD46 -j LOG --log-prefix 'IPTABLES-FLOOD LENGTH 46: ' --log-level info
- iptables -A REJECT_FLOOD46 -j DROP
- iptables -A INPUT -i eth0 -p udp --dport your_port -m length --length 28 -j REJECT_FLOOD28
- iptables -A INPUT -i eth0 -p udp --dport your_port -m length --length 46 -j REJECT_FLOOD46
- -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 27000:27015 -j ACCEPT
- -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 27000:27015 -j ACCEPT
- *filter
- :FORWARD ACCEPT [0:0]
- :INPUT DROP [0:0]
- :OUTPUT ACCEPT [0:0]
- -A INPUT -p tcp -m tcp -d ***.***.***.*** --dport 10000 -j ACCEPT
- -A INPUT -p tcp -m tcp -d ***.***.***.*** --dport 8443 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 21:22 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 8009 -j ACCEPT
- -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 27070,27085,27100,27115
- -A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 27070,27085,27100,27115
- -A INPUT -p udp -m udp --dport 27020:27022 -j ACCEPT
- -A INPUT -p udp -m udp --dport 26901:27009 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
- -A INPUT -p udp -m udp -d ***.***.***.*** --dport 10000 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 106 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 27030:27039 --sport 27030:27039 -j ACCEPT
- -A INPUT -p udp -m udp --dport 27000:27020 -j ACCEPT
- -A INPUT -p udp -m udp --dport 1200 -j ACCEPT
- -A OUTPUT -j ACCEPT
- -A OUTPUT -p tcp -m tcp --dport 27020:27050 --sport 27020:27050 -j ACCEPT
Rawr TF2 Server Junk
a guest
May 24th, 2013
