Why lock down those ports to specific master server or update server
IPs? That really ties your hands if a server goes down or Valve decides
to change an IP address.
Master server traffic is UDP, but I think downloading updates is done
over TCP. I have iptables rules on my game servers to allow the
following in and drop everything else:
TCP 27015 (for rcon)
UDP 1200
UDP 27000-27015
ICMP echo-request
ICMP echo-reply
ICMP destination-unreachable
ICMP time-exceeded
TCP ESTABLISHED/RELATED
UDP ESTABLISHED/RELATED
I don't block any outgoing traffic on these servers. This setup works
very well for me and I never seem to have any connectivity problems.
- Dave
Daniel Nilsson wrote:
> I'm in the process of securing my Debian box with some well-formatted lines
> of rules. What I would like to do is the following.
>
> 1. Block everything in and out
> 2. Allow needed things in and out.
>
> ATM I'm allowing UDP connections to my server for my clients. TCP
> connections are only allowed if the source is correct (for the stats and
> some more).
>
> But I have some problems. Update will not work, and neither will the
> connection to the master server.
>
> So the question is: what IPs do those update/master servers have?
> And what ports do I need to open up so my server can be updated and
> connect to the master/update server?
> VAC server IP?
> And also, are those IPs TCP or UDP?
> More IPs I need to open up against?
>
>
> //Daniel
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives, please
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
--
Dave Parker
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177
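
The inbound policy listed in the reply above, written out as an iptables-restore ruleset. This is an added example, not rules posted by anyone in the thread. The function and variable names, the loopback rule, the FORWARD policy and the use of the conntrack match are assumptions; the ports and ICMP types are the ones from the list.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the inbound list in the reply.
# RCON_PORT, EXTRA_UDP and GAME_UDP are hypothetical variable names; the default
# values are the ports given in the post.
RCON_PORT="${RCON_PORT:-27015}"
EXTRA_UDP="${EXTRA_UDP:-1200}"
GAME_UDP="${GAME_UDP:-27000:27015}"

# Accept only "N" or "N:M" made of digits, so a bad value cannot inject rule text.
valid_port() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
}

gen_rules() {
    for p in "$RCON_PORT" "$EXTRA_UDP" "$GAME_UDP"; do
        valid_port "$p" || { echo "bad port value: $p" >&2; return 1; }
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
EOF
    # Replies to traffic the server itself started (updates, master server
    # heartbeats) come back in through these two rules, so no remote IPs are pinned.
    for proto in tcp udp; do
        echo "-A INPUT -p $proto -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
    cat <<EOF
-A INPUT -p tcp --dport ${RCON_PORT} -j ACCEPT
-A INPUT -p udp --dport ${EXTRA_UDP} -j ACCEPT
-A INPUT -p udp --dport ${GAME_UDP} -j ACCEPT
EOF
    for t in echo-request echo-reply destination-unreachable time-exceeded; do
        echo "-A INPUT -p icmp --icmp-type $t -j ACCEPT"
    done
    echo "COMMIT"
}
```

As root, `gen_rules | iptables-restore --test` parses the ruleset without committing it; drop `--test` to load it.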