-
-
Save spacemud/7edc1742c875bfa10b45667875698d25 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# create a new chain | |
iptables -N SAMPQUERY | |
# check that incomming packet is a samp query packet and divert to the new chain | |
# this inserts the rule as the first in the chain, but should probably be a bit further down (e.g. after checking lo interface) | |
iptables -I INPUT -p udp \! -f -m udp --dport 7777 -m conntrack --ctstate NEW,ESTABLISHED -m u32 --u32 "0x0>>0x16&0x3c@0x8=0x53414d50" -j SAMPQUERY | |
# only allow connection from ephemeral source ports | |
# connection attempts from ports outside this range are likely rogue clients | |
iptables -A SAMPQUERY -p udp --sport 49152:65535 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | |
iptables -A SAMPQUERY -j REJECT --reject-with icmp-port-unreachable |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment