Good afternoon, I'm having a problem on my game server: it seems that through some error in the game itself, some guy is "simulating" multiple connections on the server login ports 7171 and 7172, and iptables manages to slow him down but does not block him, i.e. his attacks continue and continue. I already tried everything from every corner, CSF, Dflate ... none could stop him.
As I am new to Linux I need some help from someone who understands the subject.
What I need is for iptables to detect when a person is connecting a lot within a few seconds, and then block the IP for about 10 minutes, so he cannot continue the connections at that moment and thus cause the ports to overload.
The rules I used below were the ones that helped me the most, but with the high number of other players together, it makes life easier for the "subject" to complete his connections; checking the connections on the ports, the IP of the "subject" reached 120 connections, which is the same as 120 people, each with their own computer.
Why haven't I banned his IP yet? Because I already banned it and he changed the IP, so I need something that blocks it temporarily at the time it tries.
The rules that I came to use last:
# Chain for SYN-flood limiting. Note: "-m limit" is a single global counter, not per source,
# so legitimate players and the attacker share the same 7/s budget.
iptables -N conn-flood
iptables -I INPUT 1 -p tcp --syn -j conn-flood
iptables -A conn-flood -m limit --limit 7/s --limit-burst 20 -j RETURN
iptables -A conn-flood -j DROP
# ICMP: allow 1 packet per second, drop the rest.
iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT
iptables -A INPUT -p icmp -j DROP
# Per-source tracking with "recent". This --set rule records every NEW and ESTABLISHED
# TCP packet from an address, so ordinary traffic of an active connection also counts
# towards the 20-hits-in-3-seconds threshold checked by the DROP rule below.
iptables -I INPUT -p tcp -m state --state NEW,ESTABLISHED -m recent --set -j ACCEPT
# Inserted at position 1, so it is evaluated before the --set rule above.
iptables -I INPUT -p tcp -m state --state NEW -m recent --update --seconds 3 --hitcount 20 -j DROP
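An added example, not part of the original post, of the kind of rule set the question asks for: a per-source limit on new connections to ports 7171 and 7172 that puts an offending address on a block list for 10 minutes. It relies on the iptables "recent" match, which keeps one counter per source address (unlike "-m limit", which is one global counter shared by everyone). The port numbers are the ones from the post; the chain and list names and the thresholds (20 new connections within 3 seconds, 600-second block) are assumptions to tune against real player load.

```shell
#!/bin/sh
# Added example (not the original poster's rules): per-source connection-rate
# limit on the game login ports with a temporary block, via the "recent" match.

PORTS="7171,7172"        # login ports from the post
HITS=20                  # new connections from one address ...
WINDOW=3                 # ... within this many seconds triggers a block
BLOCK=600                # how long (seconds) a blocked address stays blocked
IPT="${IPT:-iptables}"   # assumed: override to point at e.g. iptables-legacy

# Print the rule set as shell commands, one per line, without executing anything,
# so it can be reviewed (or tested) before it is applied as root.
game_limit_rules() {
    cat <<EOF
$IPT -N GAME-LIMIT 2>/dev/null || true
$IPT -F GAME-LIMIT
$IPT -D INPUT -p tcp -m multiport --dports $PORTS -m conntrack --ctstate NEW -j GAME-LIMIT 2>/dev/null || true
$IPT -I INPUT 1 -p tcp -m multiport --dports $PORTS -m conntrack --ctstate NEW -j GAME-LIMIT
$IPT -A GAME-LIMIT -m recent --name gameban --rcheck --seconds $BLOCK -j DROP
$IPT -A GAME-LIMIT -m recent --name gamecount --set
$IPT -A GAME-LIMIT -m recent --name gamecount --rcheck --seconds $WINDOW --hitcount $HITS -m recent --name gameban --set -j DROP
$IPT -A GAME-LIMIT -j RETURN
EOF
}
# Rule by rule: only NEW connections to the game ports enter GAME-LIMIT, so
# packets of already-established sessions are never counted. An address that is
# on the "gameban" list and was put there less than BLOCK seconds ago is dropped
# outright. Otherwise the attempt is recorded in "gamecount"; if that address now
# has HITS attempts within WINDOW seconds, it is added to "gameban" and dropped.
# Anything else returns to INPUT and is handled by the existing accept rules.

# Apply the rules (requires root).
apply_game_limit() {
    game_limit_rules | sh -e
}

# Show the addresses currently on the block list, with their timestamps.
show_blocked() {
    cat /proc/net/xt_recent/gameban
}

# Remove one address from the block list early (e.g. a false positive).
unblock() {
    echo "-$1" > /proc/net/xt_recent/gameban
}

case "${1:-}" in
    apply)   apply_game_limit ;;
    show)    show_blocked ;;
    unblock) unblock "$2" ;;
    *)       game_limit_rules ;;   # default: just print the rules
esac
```

Run the script with no argument to see the rules it would install, with `apply` to install them, and with `show` to list blocked addresses. The block is a fixed 10 minutes from the moment the address was listed (`--rcheck`); using `--update` in the first GAME-LIMIT rule instead would restart the timer on every blocked attempt, so the block lasts until the source goes quiet. Two caveats: the xt_recent module's default `ip_pkt_list_tot` is 20, so a `--hitcount` above that needs the module parameter raised, and players behind one shared NAT address count as one source, so set HITS above the number of concurrent logins such a group can legitimately produce.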