Re: [hlds_linux] Reload MOTD
The entire file is sent to clients when they connect anyway, so I presume there is no need to "reload" anything except change the value of the Cvar Thanks, - Saul. On 11 Sep 2009, at 22:54, Oliver Salzburg wrote: > On a TF2 server, can you reload the MOTD without restarting the > server? > > ___ > To unsubscribe, edit your list preferences, or view the list > archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Reload MOTD
It reloads on mapchange. I don't know other than that. -Jeff On Fri, Sep 11, 2009 at 2:54 PM, Oliver Salzburg wrote: > On a TF2 server, can you reload the MOTD without restarting the server? > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] Reload MOTD
On a TF2 server, can you reload the MOTD without restarting the server? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Configuring Firehol for Steam/HLDS/SRCDS
In the rules that have 27000-27022 or 27015-27022 as the port range,
that's just because these rules are on my L4D server and the forks
listen on ports up through 27022. You can tighten those rules down to
allow only the ports you are using.
- Dave
David A. Parker wrote:
> Here's a script to set up iptables with the rules I use. This works
> pretty well on Debian Lenny. In essence, it allows most SSH and SRCDS
> traffic without logging, and logs all pings and dropped packets. My
> apologies if any of the lines get wrapped.
>
> - Dave
>
> #!/bin/bash
>
> IPTABLES="/sbin/iptables"
> IPADDR="xxx.xxx.xxx.xxx"
>
> # Flush existing iptables rules."
> iptables -F INPUT
> ${IPTABLES} -F OUTPUT
> ${IPTABLES} -F FORWARD
>
> # Set the default policies
> ${IPTABLES} -P INPUT DROP
> ${IPTABLES} -P FORWARD DROP
> ${IPTABLES} -P OUTPUT ACCEPT
>
> #
> #--- INPUT RULES ---
> #
>
> # DROP broadcast and multicast packets without logging
> ${IPTABLES} -A INPUT -m pkttype --pkt-type broadcast -j DROP
> ${IPTABLES} -A INPUT -d 224.0.0.0/24 -j DROP
>
> # ACCEPT localhost traffic without logging
> ${IPTABLES} -A INPUT -i lo -j ACCEPT
>
> # ACCEPT SSH packets without logging
> ${IPTABLES} -A INPUT -p tcp -d ${IPADDR} --dport 22 -j ACCEPT
>
> # ACCEPT srcds rcon connections (TCP) without logging
> ${IPTABLES} -A INPUT -p tcp -d ${IPADDR} --dport 27015:27022 -m state
> --state NEW,ESTABLISHED -j ACCEPT
>
> # ACCEPT srcds game connections (UDP) without logging
> ${IPTABLES} -A INPUT -p udp -d ${IPADDR} --dport 1200 -j ACCEPT
> ${IPTABLES} -A INPUT -p udp -d ${IPADDR} --dport 27000:27022 -j ACCEPT
>
> # ACCEPT all established/related connections without logging
> ${IPTABLES} -A INPUT -p tcp -d ${IPADDR} -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> ${IPTABLES} -A INPUT -p udp -d ${IPADDR} -m state --state
> ESTABLISHED,RELATED -j ACCEPT
>
> # LOG and ACCEPT ICMP Types 8 and 0 (echo-request and echo-reply)
> ${IPTABLES} -A INPUT -p icmp --icmp-type echo-request -j LOG
> --log-prefix "--[INPUT (ECHO-REQUEST)]:-- "
> ${IPTABLES} -A INPUT -p icmp --icmp-type echo-reply -j LOG
> --log-prefix "--[INPUT (ECHO-REPLY)]:-- "
> ${IPTABLES} -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
> ${IPTABLES} -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
>
> # ACCEPT ICMP Type 3 (destination unreachable) without logging
> ${IPTABLES} -A INPUT -p icmp --icmp-type destination-unreachable -d
> ${IPADDR} -j ACCEPT
>
> # ACCEPT ICMP Type 11 (time exceeded) without logging
> ${IPTABLES} -A INPUT -p icmp --icmp-type time-exceeded -d ${IPADDR} -j
> ACCEPT
>
> # LOG everything else before it gets dropped by default policy
> ${IPTABLES} -A INPUT -j LOG --log-prefix "--[DROPPED (INPUT)]:-- "
>
>
> Crazy Canucks wrote:
>> I'm afraid I don't know anything about iptables, which was why I wanted
>> to use Firehol. I used to use Bastille, but that hasn't been updated
>> for Debian Lenny. Anyway, If you could post that, I'd be grateful. I
>> might have to cave in and teach myself about iptables...
>>
>> Drek
>>
>> David Parker wrote:
>>> I don't use Firehol, but I have a working ${IPTABLES} config if you would
>>> like that.
>>>
>>> - Dave
>>>
>>> - Original Message -
>>> From: Crazy Canucks
>>> Date: Thursday, September 10, 2009 7:51 pm
>>> Subject: [hlds_linux] Configuring Firehol for Steam/HLDS/SRCDS
>>> To: Valve Linux Server Mailing List
>>>
>>>
I'm pulling my hair out over this one. Does anyone have a
working
configuration for Steam/HLDS/SRCDS for Firehol that they would
be
willing to share?
Drek
___
To unsubscribe, edit your list preferences, or view the list
archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>
--
Dave Parker
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177
___
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Configuring Firehol for Steam/HLDS/SRCDS
Here's a script to set up iptables with the rules I use. This works
pretty well on Debian Lenny. In essence, it allows most SSH and SRCDS
traffic without logging, and logs all pings and dropped packets. My
apologies if any of the lines get wrapped.
- Dave
#!/bin/bash
IPTABLES="/sbin/iptables"
IPADDR="xxx.xxx.xxx.xxx"
# Flush existing iptables rules."
iptables -F INPUT
${IPTABLES} -F OUTPUT
${IPTABLES} -F FORWARD
# Set the default policies
${IPTABLES} -P INPUT DROP
${IPTABLES} -P FORWARD DROP
${IPTABLES} -P OUTPUT ACCEPT
#
#--- INPUT RULES ---
#
# DROP broadcast and multicast packets without logging
${IPTABLES} -A INPUT -m pkttype --pkt-type broadcast -j DROP
${IPTABLES} -A INPUT -d 224.0.0.0/24 -j DROP
# ACCEPT localhost traffic without logging
${IPTABLES} -A INPUT -i lo -j ACCEPT
# ACCEPT SSH packets without logging
${IPTABLES} -A INPUT -p tcp -d ${IPADDR} --dport 22 -j ACCEPT
# ACCEPT srcds rcon connections (TCP) without logging
${IPTABLES} -A INPUT -p tcp -d ${IPADDR} --dport 27015:27022 -m state
--state NEW,ESTABLISHED -j ACCEPT
# ACCEPT srcds game connections (UDP) without logging
${IPTABLES} -A INPUT -p udp -d ${IPADDR} --dport 1200 -j ACCEPT
${IPTABLES} -A INPUT -p udp -d ${IPADDR} --dport 27000:27022 -j ACCEPT
# ACCEPT all established/related connections without logging
${IPTABLES} -A INPUT -p tcp -d ${IPADDR} -m state --state
ESTABLISHED,RELATED -j ACCEPT
${IPTABLES} -A INPUT -p udp -d ${IPADDR} -m state --state
ESTABLISHED,RELATED -j ACCEPT
# LOG and ACCEPT ICMP Types 8 and 0 (echo-request and echo-reply)
${IPTABLES} -A INPUT -p icmp --icmp-type echo-request -j LOG
--log-prefix "--[INPUT (ECHO-REQUEST)]:-- "
${IPTABLES} -A INPUT -p icmp --icmp-type echo-reply -j LOG
--log-prefix "--[INPUT (ECHO-REPLY)]:-- "
${IPTABLES} -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
${IPTABLES} -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
# ACCEPT ICMP Type 3 (destination unreachable) without logging
${IPTABLES} -A INPUT -p icmp --icmp-type destination-unreachable -d
${IPADDR} -j ACCEPT
# ACCEPT ICMP Type 11 (time exceeded) without logging
${IPTABLES} -A INPUT -p icmp --icmp-type time-exceeded -d ${IPADDR} -j
ACCEPT
# LOG everything else before it gets dropped by default policy
${IPTABLES} -A INPUT -j LOG --log-prefix "--[DROPPED (INPUT)]:-- "
Crazy Canucks wrote:
> I'm afraid I don't know anything about iptables, which was why I wanted
> to use Firehol. I used to use Bastille, but that hasn't been updated
> for Debian Lenny. Anyway, If you could post that, I'd be grateful. I
> might have to cave in and teach myself about iptables...
>
> Drek
>
> David Parker wrote:
>> I don't use Firehol, but I have a working ${IPTABLES} config if you would
>> like that.
>>
>> - Dave
>>
>> - Original Message -
>> From: Crazy Canucks
>> Date: Thursday, September 10, 2009 7:51 pm
>> Subject: [hlds_linux] Configuring Firehol for Steam/HLDS/SRCDS
>> To: Valve Linux Server Mailing List
>>
>>
>>> I'm pulling my hair out over this one. Does anyone have a
>>> working
>>> configuration for Steam/HLDS/SRCDS for Firehol that they would
>>> be
>>> willing to share?
>>>
>>> Drek
>>>
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list
>>> archives, please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>>
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
--
Dave Parker
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177
___
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Configuring Firehol for Steam/HLDS/SRCDS
For anyone who finds themselves asking the same questions, here are the relevant bits that will allow you to host hlds/srcds. The settings that had me hung up were the "default" for the client ports, and the "client all accept" rule. The hlds/srcds Steam client uses a lot of different ports, I don't know what the entire range is, so unless you want to go to the trouble of figuring them all out, you are best off to just allow all client connections. This is a Firehol configuration for dummies. It is very simple, but it works, and I expect provides as much security as any software firewall, and probably a great deal more than your average Windows software firewall. server_hlds_ports="tcp/27015 tcp/27020 udp/27015" client_hlds_ports="default" interface any world # The default policy is DROP. You can be more polite with REJECT. policy drop # Here are the services listening on eth0. server hldsaccept # Here are the client applications that can REQUEST on eth0. client allaccept Crazy Canucks wrote: > I'm pulling my hair out over this one. Does anyone have a working > configuration for Steam/HLDS/SRCDS for Firehol that they would be > willing to share? > > Drek > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Configuring Firehol for Steam/HLDS/SRCDS
I'm afraid I don't know anything about iptables, which was why I wanted to use Firehol. I used to use Bastille, but that hasn't been updated for Debian Lenny. Anyway, If you could post that, I'd be grateful. I might have to cave in and teach myself about iptables... Drek David Parker wrote: > I don't use Firehol, but I have a working iptables config if you would like > that. > > - Dave > > - Original Message - > From: Crazy Canucks > Date: Thursday, September 10, 2009 7:51 pm > Subject: [hlds_linux] Configuring Firehol for Steam/HLDS/SRCDS > To: Valve Linux Server Mailing List > > >> I'm pulling my hair out over this one. Does anyone have a >> working >> configuration for Steam/HLDS/SRCDS for Firehol that they would >> be >> willing to share? >> >> Drek >> >> ___ >> To unsubscribe, edit your list preferences, or view the list >> archives, please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Source 2007 Engine
http://store.steampowered.com/news/2811/ On Fri, Sep 11, 2009 at 12:48 AM, Romain Pierre wrote: > This update have been released? > > Romain Pierre > www.servgame.eu > > > 2009/9/11 Evaldas, GameConnect > > > "Fixed an exploit that allowed files to be uploaded to the server at > > arbitrary locations in the file system" > > > > As I remember, that was a server side exploit, and TF2 engine got > > materialsystem_i486.so updated. Source 2007 Engine is an earlier version > > (protocol 14) of the current TF2 engine. So I thought, that Linux files > > will > > be affected too. > > > > > > - Original Message - > > From: "Saul Rennison" > > To: "Half-Life dedicated Linux server mailing list" > > > > Sent: Friday, September 11, 2009 10:03 AM > > Subject: Re: [hlds_linux] Source 2007 Engine > > > > > > > Linux files for what? Source SDK Base, and Orangebox games should be > > > the only games updating. > > > > > > Thanks, > > > - Saul. > > > > > > On 11 Sep 2009, at 07:47, "Evaldas, GameConnect" > > > > > > wrote: > > > > > >> Source 2007 Engine > > >> Fixed an exploit that allowed files to be uploaded to the server at > > >> arbitrary locations in the file system > > >> Fixed a server crash caused by a client packet claiming to be an > > >> HLTV client > > >> when HLTV is disabled on the server > > >> Fixed a server crash caused by spoofing a client disconnect message > > >> Fixed a server crash caused by sending malformed reliable subchannel > > >> data > > >> > > >> I don't see linux files updating... :-) > > >> > > >> > > >> Evaldas, > > >> GameConnect, Lithuania > > >> www.gameconnect.lt > > >> > > >> > > >> ___ > > >> To unsubscribe, edit your list preferences, or view the list > > >> archives, please visit: > > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > > > ___ > > > To unsubscribe, edit your list preferences, or view the list archives, > > > please visit: > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > > > ___ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Source 2007 Engine
This update have been released? Romain Pierre www.servgame.eu 2009/9/11 Evaldas, GameConnect > "Fixed an exploit that allowed files to be uploaded to the server at > arbitrary locations in the file system" > > As I remember, that was a server side exploit, and TF2 engine got > materialsystem_i486.so updated. Source 2007 Engine is an earlier version > (protocol 14) of the current TF2 engine. So I thought, that Linux files > will > be affected too. > > > - Original Message - > From: "Saul Rennison" > To: "Half-Life dedicated Linux server mailing list" > > Sent: Friday, September 11, 2009 10:03 AM > Subject: Re: [hlds_linux] Source 2007 Engine > > > > Linux files for what? Source SDK Base, and Orangebox games should be > > the only games updating. > > > > Thanks, > > - Saul. > > > > On 11 Sep 2009, at 07:47, "Evaldas, GameConnect" > > > > wrote: > > > >> Source 2007 Engine > >> Fixed an exploit that allowed files to be uploaded to the server at > >> arbitrary locations in the file system > >> Fixed a server crash caused by a client packet claiming to be an > >> HLTV client > >> when HLTV is disabled on the server > >> Fixed a server crash caused by spoofing a client disconnect message > >> Fixed a server crash caused by sending malformed reliable subchannel > >> data > >> > >> I don't see linux files updating... :-) > >> > >> > >> Evaldas, > >> GameConnect, Lithuania > >> www.gameconnect.lt > >> > >> > >> ___ > >> To unsubscribe, edit your list preferences, or view the list > >> archives, please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > ___ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Source 2007 Engine
"Fixed an exploit that allowed files to be uploaded to the server at arbitrary locations in the file system" As I remember, that was a server side exploit, and TF2 engine got materialsystem_i486.so updated. Source 2007 Engine is an earlier version (protocol 14) of the current TF2 engine. So I thought, that Linux files will be affected too. - Original Message - From: "Saul Rennison" To: "Half-Life dedicated Linux server mailing list" Sent: Friday, September 11, 2009 10:03 AM Subject: Re: [hlds_linux] Source 2007 Engine > Linux files for what? Source SDK Base, and Orangebox games should be > the only games updating. > > Thanks, > - Saul. > > On 11 Sep 2009, at 07:47, "Evaldas, GameConnect" > > wrote: > >> Source 2007 Engine >> Fixed an exploit that allowed files to be uploaded to the server at >> arbitrary locations in the file system >> Fixed a server crash caused by a client packet claiming to be an >> HLTV client >> when HLTV is disabled on the server >> Fixed a server crash caused by spoofing a client disconnect message >> Fixed a server crash caused by sending malformed reliable subchannel >> data >> >> I don't see linux files updating... :-) >> >> >> Evaldas, >> GameConnect, Lithuania >> www.gameconnect.lt >> >> >> ___ >> To unsubscribe, edit your list preferences, or view the list >> archives, please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Source 2007 Engine
Linux files for what? Source SDK Base, and Orangebox games should be the only games updating. Thanks, - Saul. On 11 Sep 2009, at 07:47, "Evaldas, GameConnect" wrote: > Source 2007 Engine > Fixed an exploit that allowed files to be uploaded to the server at > arbitrary locations in the file system > Fixed a server crash caused by a client packet claiming to be an > HLTV client > when HLTV is disabled on the server > Fixed a server crash caused by spoofing a client disconnect message > Fixed a server crash caused by sending malformed reliable subchannel > data > > I don't see linux files updating... :-) > > > Evaldas, > GameConnect, Lithuania > www.gameconnect.lt > > > ___ > To unsubscribe, edit your list preferences, or view the list > archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
