Bob Sully wrote:
Hey guys...I used to run a CS server on one of my machines. This worked for me:

# GAMES
# Half-Life/CounterStrike
#
if [ $HALF_LIFE -gt 0 ]; then
    iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p UDP \
        --sport 27000:27050 --dport $UNPRIVPORTS -s $EXTERNAL_IP -d \
        $ANYWHERE -j ACCEPT
    iptables -A INPUT -i $EXTERNAL_INTERFACE -p UDP \
        --sport $UNPRIVPORTS --dport 27000:27050 -s $ANYWHERE -d \
        $EXTERNAL_IP -j ACCEPT
    if [ $VERBOSE -gt 0 ]; then
        echo "firewall: Half-Life/CounterStrike ports enabled"
    fi
fi

where:
$EXTERNAL_INTERFACE = eth0 in my case
$EXTERNAL_IP = obvious
$UNPRIVPORTS = 1024:65535
$ANYWHERE = any/0

sure, but you'd better use -m state --state RELATED,ESTABLISHED[,NEW]? instead of --sport $UNPRIVPORTS, as the former is stateful.
roy
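
The stateful form suggested in the reply, written out as an added example (not part of either message): the unprivileged-port match is replaced by connection-state matching, so the OUTPUT rule only passes replies to clients the INPUT rule has already admitted. Variable names follow the quoted script; `HL_PORTS`, `IPT`, the address value and the dry-run default are assumptions of this example.

```shell
#!/bin/sh
# Added example: stateful version of the Half-Life/CounterStrike rules.
# Values below are constructed; 192.0.2.10 is a documentation placeholder.
EXTERNAL_INTERFACE="${EXTERNAL_INTERFACE:-eth0}"
EXTERNAL_IP="${EXTERNAL_IP:-192.0.2.10}"
ANYWHERE="${ANYWHERE:-0.0.0.0/0}"
HL_PORTS="27000:27050"
# Dry run by default: print the commands instead of running them.
# Set IPT=iptables (as root) to apply the rules for real.
IPT="${IPT:-echo iptables}"

hl_stateful_rules() {
    # Inbound: clients may open (NEW) and continue (ESTABLISHED) exchanges
    # with the game ports. No source-port match is needed any more.
    $IPT -A INPUT -i "$EXTERNAL_INTERFACE" -p udp \
        -s "$ANYWHERE" -d "$EXTERNAL_IP" --dport "$HL_PORTS" \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    # Outbound: only packets belonging to a tracked exchange leave the game
    # ports. The stateless rule allowed unsolicited UDP to any port >= 1024.
    # Add NEW here only if the server itself has to initiate traffic.
    $IPT -A OUTPUT -o "$EXTERNAL_INTERFACE" -p udp \
        -s "$EXTERNAL_IP" -d "$ANYWHERE" --sport "$HL_PORTS" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

hl_stateful_rules
```

On current kernels the same match is usually written `-m conntrack --ctstate` in place of `-m state --state`.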