Hi coders,
I need help making a very simple, yet efficient plugin: the anti-DoS/dynamic iptables plugin.
I need a very basic plugin accepting one argument, the number of connections per IP per second; each IP over this limit should be written to a simple text file. This text file will be used to generate iptables rules on the fly.
I looked everywhere; there is no patch or tool to limit the number of UDP packets per second per IP in Linux (or Windows).
Well, as the name suggests, it is a Linux thingie, but since a lot of servers do run Linux I think it's OK to suggest it.
I can spare the iptables scripts, a test server and the common sense. I might even only need some basic framework and some explanations of where to get the number of packets efficiently.
I had different alternatives in mind which would not need coding inside hlds:
1) use netstat and grep to get some basic data (uhhhahah bad idea)
2) parse the hlds log file and extract the logged-in IPs, allow those at full speed, and set an iptables general limit for all other IPs on the hlds port (would probably nuke your public ping, but the clan match can't be DoS'ed easily)
And last but not least, they can still flood you; if they saturate your switch port, you are dead anyways.
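An added example, not part of the original post, sketching alternative 2: it reads hlds log lines, keeps the IPs of players still connected, and emits iptables rules that accept those IPs and rate-limit everyone else. The log line shapes, the `HLDS_IN` chain name, the limit values and the sample log are assumptions; the chain is assumed to exist already and to receive the server's UDP traffic from INPUT.

```python
import ipaddress
import re

# Assumed hlds log shapes. Both patterns are anchored at the end of the line so
# that text inside a player name cannot supply the address that gets allowed.
CONNECT = re.compile(r'^L .*<(\d+)><[^<>]*><[^<>]*>" connected, address "([0-9.]+):\d+"$')
DISCONNECT = re.compile(r'^L .*<(\d+)><[^<>]*><[^<>]*>" disconnected$')

# Constructed sample log (documentation addresses), not real server output.
SAMPLE_LOG = [
    'L 08/12/2005 - 21:14:03: "Alice<12><STEAM_0:1:1111><>" connected, address "198.51.100.7:27005"',
    'L 08/12/2005 - 21:14:09: "Bob<13><STEAM_0:1:2222><>" connected, address "198.51.100.8:27005"',
    # Player name crafted to look like a connect record for another address.
    'L 08/12/2005 - 21:15:10: "x<1><a><>" connected, address "203.0.113.99:1<14><STEAM_0:1:3333><>"'
    ' connected, address "198.51.100.9:27005"',
    'L 08/12/2005 - 21:20:00: "Alice<12><STEAM_0:1:1111><CT>" disconnected',
    'L 08/12/2005 - 21:21:00: "Eve<15><STEAM_0:1:4444><>" connected, address "999.1.1.1:27005"',
]

def logged_in_ips(log_lines):
    """Return the sorted IPs of players still connected at the end of the log."""
    by_uid = {}
    for line in log_lines:
        line = line.strip()
        m = CONNECT.match(line)
        if m:
            try:
                by_uid[m.group(1)] = str(ipaddress.IPv4Address(m.group(2)))
            except ValueError:
                pass  # malformed address: never copy it into a rule
            continue
        m = DISCONNECT.match(line)
        if m:
            by_uid.pop(m.group(1), None)
    return sorted(set(by_uid.values()))

def build_rules(ips, limit="50/second", burst=100, chain="HLDS_IN"):
    """Rebuild the chain: known players first, then one shared limit, then drop."""
    rules = [f"iptables -F {chain}"]
    rules += [f"iptables -A {chain} -s {ip} -j ACCEPT" for ip in ips]
    rules.append(f"iptables -A {chain} -m limit --limit {limit} --limit-burst {burst} -j ACCEPT")
    rules.append(f"iptables -A {chain} -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(build_rules(logged_in_ips(SAMPLE_LOG))))
```

Flushing and refilling leaves a short window with an empty chain; loading the same rules through `iptables-restore` applies them in one step.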
