
Setting up Iptables?


Evilsystem


Hello there..

 

I've been trying to set up iptables to open the ports when a server is created..

 

I tried this custom script:

 

#!/bin/bash
iptables -A INPUT -p tcp -m tcp --dport ${Service_GamePort} -j ACCEPT
/sbin/service iptables save

 

It doesn't work. I tried Google, nothing about it.

 

What are you guys doing? I know some run without iptables? Isn't that a little risky?

 

I mean iptables is a common way of blocking DDOS attacks, and so on?


We're not using IPTables. Everything works well, and our servers haven't been under attack yet.

The only server that has been under attack, is a server that's not protected.

 

And btw, 9-year-old kids can DDoS by entering an IP in a stresser.


What kind of DDOS protection do you have?


We're using VAC. This is currently being tested, but works fine.

 

Hmm okay.. I don't know if I should just get some "DDoS protection" or null-route with iptables whenever I need to.. But iptables REALLY does not like TCAdmin..

 

My IPTables keeps clearing.


I got some trouble setting up the scripts as well.

As I do now:

Always save the script and the template you were editing. (I edit the main Windows template.)

Then open the Linux template of the same game, save it as well, then click update for the running configs.

Now it should be applied for the new ones and the running ones.

If not, try after restarting TCAdmin.

Btw, you're doing well by taking care of your firewall; I cannot even imagine how an IT service provider could not use a firewall.

You are responsible for the data you're generating, and your devices are just up for everyone without limitations.

That's the reason why DDoS exists, with lots of zombie machines.

If everybody had proper firewall and security options, we wouldn't be talking about defending against DDoS attacks.


Okay thanks for the tip. :)

 

I just talked to my server provider and they told me if they register a DDoS attack they will simply null-route the IP.

 

But I think I'm going to use IPTables just in case I have to null-route myself.


What host are you using? Are they going to null route hundreds of IPs?

 

Hetzner.

 

I figured out the script. But I got a problem, it won't save it:

 

#!/bin/bash
iptables -I INPUT -p tcp -m tcp --dport ${ThisService_GamePort} -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport ${ThisService_CustomPort1} -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport ${ThisService_CustomPort2} -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport ${ThisService_CustomPort3} -j ACCEPT
/etc/init.d/iptables save

 

The /etc/init.d/iptables save won't work? I have to run it in PuTTY to save iptables to iptables.save?
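
A hardened variant of the per-service script above, added here as an example (not the poster's or TCAdmin's code): it rejects a port value that is empty or non-numeric before it reaches `--dport`, and uses `iptables -C` so repeated runs do not stack duplicate ACCEPT rules. The function names and the `IPT` override are assumptions for illustration; the save command is the one from the first post.

```bash
#!/bin/bash
# Added example; function names and the IPT override are illustrative.
IPT="${IPT:-iptables}"    # assumption: lets a stub replace iptables in tests

# Succeed only for a decimal port number in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;    # empty, or contains a non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Insert an ACCEPT rule for one TCP port unless the same rule already exists.
open_port() {
    if ! valid_port "$1"; then
        echo "skipping invalid port value: '$1'" >&2
        return 1
    fi
    # -C exits 0 when an identical rule is already in the chain.
    if "$IPT" -C INPUT -p tcp -m tcp --dport "$1" -j ACCEPT 2>/dev/null; then
        return 0
    fi
    "$IPT" -I INPUT -p tcp -m tcp --dport "$1" -j ACCEPT
}

# Open every port given; return non-zero if any value was rejected or failed.
open_ports() {
    failed=0
    for port in "$@"; do
        open_port "$port" || failed=1
    done
    return "$failed"
}

# Intended call from the per-service script (needs root, so left commented):
#   open_ports "${ThisService_GamePort}" "${ThisService_CustomPort1}" \
#       && /sbin/service iptables save
```

Because the save only runs when every port was accepted, a template variable that expands to nothing shows up as a logged skip instead of a malformed rule being written to the saved ruleset.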


Then you're getting some services that others aren't. A couple of days ago, we were offline for 5-6 hours due to a kid launching an attack on our website. We couldn't access our server at all, and no packets out of 10000 made it through. I emailed Hetzner, and they said we could only wait for the attack to be over. Then they disabled (I think they null routed all traffic) our IP. They don't offer any DDoS protection, and I have several emails from them stating that they don't.


Really? Well someone told me they would just null-route the IP if they picked up someone DDoS'ing.

 

I knew that they weren't offering any DDoS protection.

 

Well then I guess I have to use iptables so I can null-route the IPs myself..

Edited by Evilsystem