Re: Proper IPTABLES Configuration


 



Bob Sully wrote:

Hey guys...I used to run a CS server on one of my machines. This worked for me:

# GAMES
# Half-Life/CounterStrike
#

if [ "$HALF_LIFE" -gt 0 ]; then

    # Server replies leaving the game ports, to any unprivileged client port
    iptables -A OUTPUT -o "$EXTERNAL_INTERFACE" -p UDP \
        --sport 27000:27050 --dport "$UNPRIVPORTS" -s "$EXTERNAL_IP" -d \
        "$ANYWHERE" -j ACCEPT

    # Client packets arriving at the game ports from unprivileged ports
    iptables -A INPUT -i "$EXTERNAL_INTERFACE" -p UDP \
        --sport "$UNPRIVPORTS" --dport 27000:27050 -s "$ANYWHERE" -d \
        "$EXTERNAL_IP" -j ACCEPT

    if [ "$VERBOSE" -gt 0 ]; then
        echo "firewall: Half-Life/CounterStrike ports enabled"
    fi

fi

where:

$EXTERNAL_INTERFACE = eth0 in my case
$EXTERNAL_IP = obvious
$UNPRIVPORTS = 1024:65535
$ANYWHERE = any/0

sure, but you'd better use -m state --state RELATED,ESTABLISHED[,NEW]? instead of
--sport $UNPRIVPORTS, as the former is stateful.

roy
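
A stateful form of the rules discussed in this thread, as an added example that is not from either poster. The function name, the `IPT` dry-run switch, `HL_PORTS`, `OUT_STATES` and the sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: Half-Life/CounterStrike rules matched on connection state
# instead of on the client's source-port range.
# IPT defaults to a dry run that only prints each command; set IPT=iptables
# (as root) to load the rules. Newer iptables offers the equivalent
# "-m conntrack --ctstate" match.
IPT="${IPT:-echo iptables}"
EXTERNAL_INTERFACE="${EXTERNAL_INTERFACE:-eth0}"
EXTERNAL_IP="${EXTERNAL_IP:-192.0.2.10}"   # constructed sample address
HL_PORTS="27000:27050"
# Assumption: the server only answers clients. Add NEW here if it must
# also start traffic from the game ports itself.
OUT_STATES="${OUT_STATES:-ESTABLISHED}"

hl_stateful_rules() {
    # Inbound: clients may open (NEW) and continue (ESTABLISHED) UDP flows
    # to the game ports; no --sport test on the client side is needed.
    $IPT -A INPUT -i "$EXTERNAL_INTERFACE" -p udp \
        -d "$EXTERNAL_IP" --dport "$HL_PORTS" \
        -m state --state NEW,ESTABLISHED -j ACCEPT

    # Outbound: only packets belonging to flows conntrack already tracks.
    $IPT -A OUTPUT -o "$EXTERNAL_INTERFACE" -p udp \
        -s "$EXTERNAL_IP" --sport "$HL_PORTS" \
        -m state --state "$OUT_STATES" -j ACCEPT

    # ICMP errors (for example port unreachable) tied to those flows.
    $IPT -A INPUT -i "$EXTERNAL_INTERFACE" -p icmp \
        -d "$EXTERNAL_IP" -m state --state RELATED -j ACCEPT
}

hl_stateful_rules
```

Review the printed commands first, then rerun with `IPT=iptables` to apply them.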





