LinuxQuestions.org
Old 04-08-2017, 03:19 PM   #16
end
Member
 
Registered: Aug 2016
Posts: 266

Rep: Reputation: Disabled

Try putting

-d 162.222.73.243
 
Old 04-08-2017, 03:41 PM   #17
Obada
LQ Newbie
 
Registered: Apr 2017
Posts: 21

Original Poster
Rep: Reputation: Disabled
I added it and got no positive result.

This is my
Code:
iptables -L
Code:
root@vmi:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       udp  --  anywhere             162-222-73-121.saucelabs.net  udp spt:27043 #conn src/32 > 1 ctstate NEW,RELATED,ESTABLISHED
DROP       udp  --  anywhere             anywhere             udp dpt:27043 state NEW recent: UPDATE seconds: 1 hit_count: 2 name: DEFAULT side: source mask: 255.255.255.255
           udp  --  anywhere             anywhere             udp dpt:27043 state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       udp  --  anywhere             162-222-73-121.saucelabs.net  udp spt:27043 #conn src/32 > 1 ctstate NEW,RELATED,ESTABLISHED
DROP       udp  --  anywhere             162-222-73-121.saucelabs.net  udp spt:27043 state NEW recent: UPDATE seconds: 1 hit_count: 2 name: DEFAULT side: source mask: 255.255.255.255
           udp  --  anywhere             162-222-73-121.saucelabs.net  udp spt:27043 state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255
Can iptables solve this, or do I need another firewall?
 
Old 04-08-2017, 04:04 PM   #18
end
Member
 
Registered: Aug 2016
Posts: 266

Rep: Reputation: Disabled
They can; these are the rules for that. On that server, do you only use this UDP port?

Last edited by end; 04-08-2017 at 04:05 PM.
 
Old 04-08-2017, 04:14 PM   #19
Obada
LQ Newbie
 
Registered: Apr 2017
Posts: 21

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by end View Post
They can; these are the rules for that. On that server, do you only use this UDP port?

No, I use other ports for my clients, but I launched a CS 1.6 server on port 27043 to test a DoS attack, and I attack just this port, not the other ports.

No one is attacking me at the moment; I am just making a test DoS attack on port 27043 from an external server to test my firewall.
 
Old 04-08-2017, 04:18 PM   #20
end
Member
 
Registered: Aug 2016
Posts: 266

Rep: Reputation: Disabled
Try this

iptables -I INPUT -s 162-222-73-121 -dport 27043 -j DROP

and test. This drops everything on that port; just see whether this is working.
 
Old 04-08-2017, 05:02 PM   #21
Obada
LQ Newbie
 
Registered: Apr 2017
Posts: 21

Original Poster
Rep: Reputation: Disabled
I tried your rule
Code:
iptables -I INPUT -s 162.222.73.121 -dport 27043 -j DROP
but I got this error
Code:
Bad argument `27043'
Try `iptables -h' or 'iptables --help' for more information.
As I understand from this:

this rule blocks the attacker IP from accessing the game server IP on port 27043, and the attacker IP can access others, yes?

So I searched on Google and I got this rule to do this
Code:
iptables -I INPUT -p tcp -d 162.222.73.121 --dport 27043 -j DROP
iptables -I INPUT -p udp -d 162.222.73.121 --dport 27043 -j DROP
After this I made a test DoS on my game server and it does not block the attacker IP!!

I think the result must be that the attacker can't DoS me on this port.

So I decided to block the attacker IP using this rule
Code:
iptables -A INPUT -s 162.222.73.98 -j DROP
iptables -A OUTPUT -s 162.222.73.98 -j DROP
and no effect! He can still make a DoS on my game server.

I need to note that I kept this point in mind (the attacker IP doesn't stay the same as the previous IP, because I am using a free RDP to make the test DoS attack).

Last edited by Obada; 04-08-2017 at 05:03 PM.
 
Old 04-08-2017, 05:19 PM   #22
end
Member
 
Registered: Aug 2016
Posts: 266

Rep: Reputation: Disabled
Blocking the IP with a DROP rule should work.

Try

iptables -I INPUT -s 162.222.73.98/32 -j DROP
 
Old 04-08-2017, 05:44 PM   #23
Obada
LQ Newbie
 
Registered: Apr 2017
Posts: 21

Original Poster
Rep: Reputation: Disabled
Same problem....

Look, I had the ufw firewall on my Ubuntu server, but ufw is disabled now and just iptables is active. Does that have an effect?

And I installed the ddos-deflate script, which uses iptables as a base. Does that have an effect too?


I pinged my game server from the attacker server before and after blocking the attacker IP, and the two results are the same.

Code:
Pinging $gameserver with 32 bytes of data:
Reply from $gameserver: bytes=32 time=172ms TTL=48
Reply from $gameserver: bytes=32 time=172ms TTL=48
Reply from $gameserver: bytes=32 time=172ms TTL=48
Reply from $gameserver: bytes=32 time=172ms TTL=48

Ping statistics for $gameserver:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 172ms, Maximum = 172ms, Average = 172ms

This means I have an issue with my iptables.

Last edited by Obada; 04-08-2017 at 06:09 PM.
 
Old 04-08-2017, 06:10 PM   #24
end
Member
 
Registered: Aug 2016
Posts: 266

Rep: Reputation: Disabled
No effect.

Try

iptables -I INPUT -s 162-222-73-121.saucelabs.net -j DROP

or

iptables -I INPUT -d 162-222-73-121.saucelabs.net -j DROP

Change the IP to the IP that it is now.

Last edited by end; 04-08-2017 at 06:12 PM.
 
Old 04-08-2017, 06:21 PM   #25
Obada
LQ Newbie
 
Registered: Apr 2017
Posts: 21

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by end View Post
No effect.

Try

iptables -I INPUT -s 162-222-73-121.saucelabs.net -j DROP

or

iptables -I INPUT -d 162-222-73-121.saucelabs.net -j DROP

Change the IP to the IP that it is now.
No effect :|


I will try to make a DoS on a TCP port. I had TCP protection, so I will test whether I can block it....

After making a DoS attack on the TCP port, ddos-deflate blocked the attacker.

Code:
List of currently banned ip's.
===================================
1491694534 162.222.73.93 108

Last edited by Obada; 04-08-2017 at 06:28 PM.
 
Old 04-08-2017, 06:23 PM   #26
end
Member
 
Registered: Aug 2016
Posts: 266

Rep: Reputation: Disabled
Post

iptables -nvL
 
Old 04-08-2017, 06:32 PM   #27
Obada
LQ Newbie
 
Registered: Apr 2017
Posts: 21

Original Poster
Rep: Reputation: Disabled
Code:
root@vmi:~# iptables -nvL
Chain INPUT (policy ACCEPT 4362 packets, 317K bytes)
 pkts bytes target     prot opt in     out     source               destination
  408 19616 DROP       all  --  *      *       162.222.73.120       0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 6659 packets, 731K bytes)
 pkts bytes target     prot opt in     out     source               destination

This appeared after flushing iptables and making a new DoS attack on a TCP port; then ddos-deflate blocked the attacker.
 
Old 04-08-2017, 06:34 PM   #28
end
Member
 
Registered: Aug 2016
Posts: 266

Rep: Reputation: Disabled
I really don't know why the iptables rules don't work in your case; maybe there is some other rule that overrides them.
 
Old 04-08-2017, 06:39 PM   #29
Obada
LQ Newbie
 
Registered: Apr 2017
Posts: 21

Original Poster
Rep: Reputation: Disabled
And yes, after the ddos-deflate script I can't ping my game server any more from the attacker machine.

Code:
C:\Windows\system32>ping $gameserver

Pinging $gameserver with 32 bytes of data:
Request timed out.
Request timed out.

That means my iptables is not working.....

So I will try to remove ddos-deflate.
 
Old 04-08-2017, 06:40 PM   #30
end
Member
 
Registered: Aug 2016
Posts: 266

Rep: Reputation: Disabled
Great, then you solved it.

Try removing it and restarting, and then try our approach; it should work.

First try with the IP block. If that works, try the connection limit options, and see what's happening.

Last edited by end; 04-08-2017 at 06:46 PM.
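Added example, not part of the thread: the `iptables -nvL` listing requested in post #26 carries a per-rule packet counter, which shows whether a DROP rule for a given source is actually matching the test traffic or whether no rule covers that source at all. The sketch below reads such a listing; the function names and the second sample row (a rule with zero hits) are constructed for illustration.

```shell
#!/bin/sh
# Sample listing: the .120 row is the one shown in post #27; the .98 row is
# constructed here to illustrate a rule whose counters never moved.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 4362 packets, 317K bytes)
 pkts bytes target     prot opt in     out     source               destination
  408 19616 DROP       all  --  *      *       162.222.73.120       0.0.0.0/0
    0     0 DROP       udp  --  *      *       162.222.73.98        0.0.0.0/0            udp dpt:27043

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 6659 packets, 731K bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

# drop_hits CHAIN SRC
# Reads `iptables -nvL` output on stdin and prints the packet count summed over
# DROP rules in CHAIN whose source column is SRC, or "none" if no rule exists.
# Counters are abbreviated (e.g. 12K) unless the listing was taken with -x.
drop_hits() {
  awk -v chain="$1" -v src="$2" '
    $1 == "Chain" { in_chain = ($2 == chain); next }
    in_chain && $3 == "DROP" && ($8 == src || $8 == src "/32") {
      found = 1; total += $1
    }
    END { if (found) print total; else print "none" }
  '
}

# rule_status CHAIN SRC
# Turns the counter into a verdict for the source address under test.
rule_status() {
  hits=$(drop_hits "$1" "$2")
  case "$hits" in
    none) echo "no-rule" ;;             # nothing in CHAIN names this source
    0)    echo "rule-never-matched" ;;  # rule exists, traffic is not hitting it
    *)    echo "dropping" ;;            # rule exists and is counting packets
  esac
}

# On a live host: iptables -nvxL | rule_status INPUT <source address>
sample_listing | rule_status INPUT 162.222.73.98
```

A "no-rule" or "rule-never-matched" verdict for the address the test traffic is coming from is consistent with the point made in post #21 that the source address changes between tests.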
 
  

