@spacemud
Forked from Vince0789/samp-iptables.sh
Created January 10, 2022 15:17
# create a new chain
iptables -N SAMPQUERY
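# check that the incoming packet is a SA-MP query packet and divert it to the new chain
# the u32 test reads the IP header length, skips the 8-byte UDP header and compares the
# first 4 payload bytes with 0x53414d50 ("SAMP"); "! -f" leaves out non-first fragments
# this inserts the rule as the first in the chain, but it should probably sit a bit further down (e.g. after checking the lo interface)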
iptables -I INPUT -p udp \! -f -m udp --dport 7777 -m conntrack --ctstate NEW,ESTABLISHED -m u32 --u32 "0x0>>0x16&0x3c@0x8=0x53414d50" -j SAMPQUERY
# only allow connection from ephemeral source ports
# connection attempts from ports outside this range are likely rogue clients
iptables -A SAMPQUERY -p udp --sport 49152:65535 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A SAMPQUERY -j REJECT --reject-with icmp-port-unreachable
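
The u32 test from the INPUT rule above, evaluated by hand in shell arithmetic on constructed packets, including one with IP options to show why the expression computes the header length instead of assuming 20 bytes. This is an added example, not part of the original gist; the function names, variable names and packet bytes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hand-evaluates "0x0>>0x16&0x3c@0x8=0x53414d50" on a packet
# supplied as a hex string that starts at the IPv4 header.

# u32_payload_offset HEX -> prints the byte offset the final 4-byte read uses
u32_payload_offset() {
    word0=$(printf '%s' "$1" | cut -c1-8)        # "0x0": 4 bytes at offset 0
    ihl_bytes=$(( (0x$word0 >> 0x16) & 0x3c ))   # ">>0x16&0x3c": IHL field * 4
    echo $(( ihl_bytes + 8 ))                    # "@0x8": jump past IP header,
}                                                # then skip 8-byte UDP header

# u32_samp_match HEX -> exit status 0 when the u32 test would match
u32_samp_match() {
    off=$(u32_payload_offset "$1")
    first=$(( off * 2 + 1 ))                     # cut counts hex chars from 1
    magic=$(printf '%s' "$1" | cut -c"${first}-$(( first + 7 ))")
    [ "$magic" = "53414d50" ]                    # "=0x53414d50": ASCII "SAMP"
}

# Constructed sample data (checksums zeroed, addresses from 192.0.2.0/24).
UDP_HDR="c0001e6100130000"                  # sport 49152, dport 7777, len 19
IP_PLAIN="450000270000400040110000c0000201c0000202"          # IHL 5
IP_OPTS="4600002b0000400040110000c0000201c000020201010100"   # IHL 6, options
PKT_PLAIN="${IP_PLAIN}${UDP_HDR}53414d5000000000000000"  # "SAMP" + filler
PKT_OPTS="${IP_OPTS}${UDP_HDR}53414d5000000000000000"
PKT_OTHER="${IP_PLAIN}${UDP_HDR}00000000000000000000ff"  # no magic

for name in PKT_PLAIN PKT_OPTS PKT_OTHER; do
    eval "pkt=\$$name"
    if u32_samp_match "$pkt"; then verdict="u32 matches"
    else verdict="u32 does not match"; fi
    echo "$name: payload offset $(u32_payload_offset "$pkt"), $verdict"
done
```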