Hello
I'm new to FreeBSD and would like some help with a problem. I'm currently planning to move my game server from a Linux server to a FreeBSD server. The server would host a website, need SSH access and possibly I might set up a mail server on it. For my other needs I have found informative resources, but not for this particular firewall problem. The problem is that the game server is running an old Quake3-based game engine, which can be used to DDoS other servers. To stop this, I have both patched the server engine and applied rules similar to the following in my Linux server firewall:
Code:
iptables -N Q3_27960
iptables -A Q3_27960 -m string ! --hex-string "|FF FF FF FF|" --algo bm --from 27 --to 30 -j ACCEPT
iptables -A Q3_27960 -m string --algo bm --string "getstatus" -m recent --set --name getstatus
iptables -A Q3_27960 -m recent --update --seconds 2 --hitcount 4 --name getstatus -j DROP
iptables -A Q3_27960 -j ACCEPT
iptables -A INPUT -p udp --dport 27960 -j Q3_27960
The first rule checks if the packet is an in-game packet and lets it pass through directly if it is. The in-game packets never have -1 as a 4-byte integer at the beginning of the UDP data. The following rules only check if the packet contains a getstatus request and limit the number of those requests. The DDoS exploitability is based on the fact that whoever is doing it can spoof the target IP in the packet and the server will respond with about 1.5 kB responses to each request. The request size is usually just 13 bytes inside the datagram. It is not possible to take the full load of the requests with the game server even if it is patched. It would stop responding, but the players would still suffer from the packet load.
I have searched for similar things done with FreeBSD firewalls without finding any. I have found some posts that say this kind of text searching is not desired in the kernel. I'm seeking help and suggestions on how this could be solved and which one of the three firewalls you would recommend. I plan on picking one firewall and sticking with it unless it doesn't work for all my future purposes.
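The filtering logic the post describes (pass in-game packets untouched, count out-of-band getstatus queries per source, drop once a source exceeds the hit count inside the window) is shown below as an added Python reference model; it is not part of the post and not the poster's code. It exists so the intended verdicts can be checked against constructed traffic before the same behaviour is reproduced in whichever FreeBSD firewall is chosen. Assumptions: the function and class names are mine, the addresses and timestamps are constructed test data from documentation ranges, the payload offset is derived from the IP header length instead of the fixed --from/--to byte window in the post, and the limiter counts only getstatus packets against a source (the post's third rule has no string match, so in iptables it also applies to other packets from a source already in the recent list).

```python
"""Reference model of the Q3_27960 filtering chain described in the post.

Verdict order, mirroring the chain:
  1. payload does not start with 0xFFFFFFFF  -> in-game traffic, ACCEPT
  2. out-of-band "getstatus" query           -> record a hit for the source
  3. >= HIT_LIMIT hits within WINDOW_SECONDS -> DROP
  4. everything else                         -> ACCEPT
All packets and addresses used here are constructed test data (assumption).
"""
import struct
import ipaddress
from collections import defaultdict, deque

OOB_PREFIX = b"\xff\xff\xff\xff"   # -1 as a 4-byte integer marks an out-of-band command
QUERY = b"getstatus"
GAME_PORT = 27960
WINDOW_SECONDS = 2.0               # iptables --seconds 2
HIT_LIMIT = 4                      # iptables --hitcount 4


def parse_udp_datagram(raw: bytes):
    """Return (src_ip, dst_port, udp_payload) for a raw IPv4 packet carrying UDP.

    Raises ValueError for anything that is not IPv4/UDP. The payload offset is
    taken from the IHL field, so IP options cannot shift the 4-byte marker out
    of the bytes being inspected.
    """
    if len(raw) < 28:
        raise ValueError("truncated packet")
    version_ihl = raw[0]
    if version_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (version_ihl & 0x0F) * 4
    if raw[9] != 17:
        raise ValueError("not UDP")
    src_ip = str(ipaddress.IPv4Address(raw[12:16]))
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", raw[ihl:ihl + 8])
    payload = raw[ihl + 8:ihl + udp_len]   # udp_len includes the 8-byte UDP header
    return src_ip, dport, payload


class GetstatusLimiter:
    """Per-source sliding-window limiter for out-of-band getstatus queries."""

    def __init__(self, window=WINDOW_SECONDS, hitcount=HIT_LIMIT):
        self.window = window
        self.hitcount = hitcount
        self.hits = defaultdict(deque)  # src_ip -> timestamps of recent getstatus queries

    def decide(self, src_ip: str, payload: bytes, now: float) -> str:
        # Rule 1: in-game packets never start with 0xFFFFFFFF; pass them untouched.
        if not payload.startswith(OOB_PREFIX):
            return "ACCEPT"
        # Rules 2-3: only getstatus queries are counted against the source.
        if QUERY in payload:
            stamps = self.hits[src_ip]
            stamps.append(now)
            while stamps and now - stamps[0] > self.window:
                stamps.popleft()            # forget hits older than the window
            if len(stamps) >= self.hitcount:
                return "DROP"
        # Rule 4: other out-of-band commands and under-limit queries are accepted.
        return "ACCEPT"


def build_udp_packet(src_ip: str, payload: bytes, dport: int = GAME_PORT) -> bytes:
    """Construct a minimal IPv4/UDP packet for the model (checksums left zero)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address("192.0.2.10").packed)
    return ip + udp


def run_chain(packets, limiter=None):
    """Apply the model to (timestamp, raw_packet) pairs; return one verdict per packet."""
    limiter = limiter or GetstatusLimiter()
    verdicts = []
    for ts, raw in packets:
        src, dport, payload = parse_udp_datagram(raw)
        if dport != GAME_PORT:
            verdicts.append("ACCEPT")      # only udp/27960 is sent through the chain
            continue
        verdicts.append(limiter.decide(src, payload, ts))
    return verdicts


if __name__ == "__main__":
    # Constructed traffic: one source sending getstatus queries every 100 ms, one
    # player sending an in-game packet, then a query after the window has expired.
    query_src, player = "198.51.100.7", "203.0.113.5"
    sample = [(i * 0.1, build_udp_packet(query_src, OOB_PREFIX + QUERY + b"\n")) for i in range(6)]
    sample.append((0.7, build_udp_packet(player, b"\x00\x01\x02\x03 in-game data")))
    sample.append((5.0, build_udp_packet(query_src, OOB_PREFIX + QUERY + b"\n")))
    for (ts, _), verdict in zip(sample, run_chain(sample)):
        print(f"t={ts:4.1f}s {verdict}")
```

With the defaults the fourth getstatus from one source inside two seconds is dropped and the source is accepted again once its earlier hits have aged out of the window; the in-game packet is never counted, which is the property the first rule of the chain exists to protect.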