On Fri, 2003-01-10 at 19:46, Dominic Irrcher wrote:
> hi,
>
> was wondering if anyone has successfully set up a ruleset for a quake3 server
> with iptables?

Hi,

Are you talking about running a quake3 server *on* your Linux box, playing
quake3 *from* your Linux machine, or allowing quake3 traffic to be firewalled
by your Linux machine? I suspect it's one of the first two, but I couldn't get
that from your rules below...

Either way, this is how it works:

If you set up a server, you need to allow access to the port you are running
the server on, most often 27960, like this:

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p udp --dport 27960 -j ACCEPT

If you want to play quake3 from your machine, the last rule becomes:

    iptables -A OUTPUT -p udp --dport 27960 -j ACCEPT

Same thing (kind of) for the FORWARD chain.

Now there's one more thing to know: if you play online you will often connect
to a master server, get a list of IP addresses+ports from that server, and
connect to the individual game servers from there. In that case, all the above
won't work, since:

- some of those servers are not running on port 27960
- you're not allowing traffic to the master server that is running on port
  27950

If these last two paragraphs best describe your situation, and you want to
enforce tight security (i.e. the easy way out for a home user is to allow all
udp traffic :-) ), you need the quake3 conntrack/nat module from
patch-o-matic.

Regards,
Filip
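
The rules from the message above collected into one loadable ruleset, as an added example that is not part of the original message: a shell function that prints an `iptables-restore` file for the server or the client case. The function name `q3_rules`, the default-DROP policies and the loopback rules are assumptions added here.

```shell
#!/bin/sh
# Added example, not from the original message.
# Usage: q3_rules server|client [game_port]
# Prints an iptables-restore ruleset on stdout; it does not touch the firewall.
q3_rules() {
    role=$1
    port=${2:-27960}    # most common game port, per the message
    master=27950        # master server port, per the message

    case $role in
        server|client) ;;
        *) echo "usage: q3_rules server|client [port]" >&2; return 2 ;;
    esac
    # Reject anything that is not a plain decimal port number.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if ! { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } 2>/dev/null; then
        echo "port out of range: $port" >&2
        return 2
    fi

    # Assumption: default-DROP policies, so only the rules below pass traffic.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    if [ "$role" = server ]; then
        # Players reach the local game server; replies match ESTABLISHED.
        echo "-A INPUT -p udp --dport $port -j ACCEPT"
    else
        # Client: one game port plus the master server list query.
        # Game servers on other ports stay blocked without the conntrack module.
        echo "-A OUTPUT -p udp --dport $port -j ACCEPT"
        echo "-A OUTPUT -p udp --dport $master -j ACCEPT"
    fi
    echo "COMMIT"
}
```

Check the output with `q3_rules server | iptables-restore --test` as root before loading it; the policies drop everything else, so DNS, SSH and other services need their own rules.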