Stateful SRCDS firewall
Posted: Tue Mar 27, 2018 4:13 am
Hello!
I'd like to make a stateful firewall for my srcds server (Team Fortress 2 specfically). Along side some other things i'm doing with my server's firewall to prevent DoS, one of things I'm unable to do is totally prevent UDP flooding unless I could do some kind of port knocking. To my knowledge; a connection to any source server starts with a valid TCP handshake on the server query port. Since that is the case, it's possible to keep UDP closed unless that TCP handshake was valid, then my firewall (IPTables) can allow that client to join over UDP.
I've seen this repo here:
https://github.com/KirillMysnik/SP-ConnectFilter
I'm not quite sure where to start on doing this, especially when it comes to finding those memory offsets to hook those functions?
Anyone have initial thoughts on this? Thanks! :D
I'd like to make a stateful firewall for my srcds server (Team Fortress 2 specfically). Along side some other things i'm doing with my server's firewall to prevent DoS, one of things I'm unable to do is totally prevent UDP flooding unless I could do some kind of port knocking. To my knowledge; a connection to any source server starts with a valid TCP handshake on the server query port. Since that is the case, it's possible to keep UDP closed unless that TCP handshake was valid, then my firewall (IPTables) can allow that client to join over UDP.
I've seen this repo here:
https://github.com/KirillMysnik/SP-ConnectFilter
I'm not quite sure where to start on doing this, especially when it comes to finding those memory offsets to hook those functions?
Anyone have initial thoughts on this? Thanks! :D