Last active
September 21, 2023 17:27
# create a new chain
iptables -N SAMPQUERY
# check that the incoming packet is a SA-MP query packet and divert it to the new chain
# this inserts the rule as the first in the chain, but it should probably be a bit further down (e.g. after checking the lo interface)
# u32 match: "0>>22&0x3C" yields the IP header length in bytes, "@8" skips the 8-byte UDP header,
# and the first four payload bytes must equal 0x53414d50 (ASCII "SAMP")
iptables -I INPUT -p udp \! -f -m udp --dport 7777 -m conntrack --ctstate NEW,ESTABLISHED -m u32 --u32 "0x0>>0x16&0x3c@0x8=0x53414d50" -j SAMPQUERY
# only allow connections from ephemeral source ports
# connection attempts from ports outside this range are likely rogue clients
iptables -A SAMPQUERY -p udp --sport 49152:65535 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# everything else that reached this chain is refused with an ICMP port-unreachable
iptables -A SAMPQUERY -j REJECT --reject-with icmp-port-unreachable
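To check the rule set offline before loading it, the following added example (not part of the original gist) evaluates the u32 expression from the INPUT rule against constructed IPv4/UDP packets and mirrors the source-port decision of the SAMPQUERY chain. The helper names, the sample addresses and the payload filler are assumptions; the evaluator handles only a single `=value` test, and conntrack state and the fragment test are not modelled.

```python
import re
import struct

RULE = "0x0>>0x16&0x3c@0x8=0x53414d50"  # u32 expression copied from the INPUT rule

def u32_match(packet: bytes, expr: str) -> bool:
    """Evaluate one u32 test of the form start(op num)*=value; ops are >> << & @."""
    location, wanted = expr.split("=")
    tokens = re.findall(r">>|<<|[&@]|0x[0-9a-fA-F]+|\d+", location)
    base = 0

    def read(offset: int) -> int:
        # u32 loads a big-endian 32-bit word; reading past the packet is a non-match
        if offset + 4 > len(packet):
            raise IndexError(offset)
        return struct.unpack_from("!I", packet, offset)[0]

    try:
        value = read(int(tokens[0], 0))
        for op, num in zip(tokens[1::2], tokens[2::2]):
            n = int(num, 0)
            if op == ">>":
                value >>= n
            elif op == "<<":
                value = (value << n) & 0xFFFFFFFF
            elif op == "&":
                value &= n
            else:  # "@": advance the base by the value so far, read the word at base+n
                base += value
                value = read(base + n)
    except IndexError:
        return False
    return value == int(wanted, 0)

def ipv4_udp(payload: bytes, sport: int, dport: int = 7777, options: bytes = b"") -> bytes:
    """Constructed IPv4+UDP packet (checksums zero; only the layout matters here)."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 8 + len(payload),
                     0, 0, 64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + options + struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def verdict(packet: bytes) -> str:
    """Mirror INPUT -> SAMPQUERY; conntrack state and the fragment test are not modelled."""
    ihl = (packet[0] & 0x0F) * 4
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    if dport != 7777 or not u32_match(packet, RULE):
        return "CONTINUE"  # not diverted; the rest of INPUT decides
    return "ACCEPT" if 49152 <= sport <= 65535 else "REJECT"

QUERY = b"SAMP" + bytes(7)  # constructed payload: the 4-byte marker plus filler
```

A packet that carries IP options still matches because the expression derives the header length from the packet itself, and a payload shorter than four bytes is a non-match rather than an error.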