Tutorial TeamSpeak3 IPTABLES (99.9% DDOS PROTECTION)

Najsr

Moderator
TeamSpeak Developer
Apr 23, 2016
Also, I would consider blocking port 10011 because it is telnet => insecure. Instead of it, open port 10022, which is a port for TS3 Query over SSH, which is secure.
 

FromLondon

Honk Honk
TeamSpeak Developer
VIP
May 20, 2016
Also, I would consider blocking port 10011 because it is telnet => insecure. Instead of it, open port 10022, which is a port for TS3 Query over SSH, which is secure.
Nah, man
query through ssh is very slooooooooooooooooooooooow
 
User_38581

Just allow certain IPs, usually one of your own, to port 10011, and drop everything else (as the last rule, of course).
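
The allowlist-then-drop ordering described in the post above, as an added example that is not part of the thread: a small generator for the rule lines. The function names, the loopback rule, the use of the filter table's INPUT chain and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Build filter-table rule lines that admit only listed IPv4 sources to the
# ServerQuery ports and drop everything else (added example, not from the thread).

# Succeeds only for a dotted quad with four 0-255 decimal octets.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^(0|[1-9][0-9]*)$/ || $i + 0 > 255) exit 1 }'
}

# usage: query_allow_rules PORTS IP...   (PORTS is a comma list, e.g. 10011,10022)
query_allow_rules() {
    ports=$1; shift
    # Validate everything first so a typo never yields a partial ruleset.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    # Loopback stays open for tools on the server itself (a choice made here).
    echo "-A INPUT -i lo -p tcp -m multiport --dports $ports -j ACCEPT"
    for ip in "$@"; do
        echo "-A INPUT -s $ip/32 -p tcp -m multiport --dports $ports -j ACCEPT"
    done
    # The drop goes last: rules are evaluated in order and the first match wins.
    echo "-A INPUT -p tcp -m multiport --dports $ports -j DROP"
}

# Constructed admin addresses taken from the documentation ranges.
query_allow_rules 10011,10022 203.0.113.7 198.51.100.20
```

The emitted lines belong in the `*filter` section of an existing ruleset, ahead of any broader ACCEPT rule that would match the same ports first.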
 

NatureNMoon

Restricted
Jul 8, 2016
Is there any way to recreate these rules without using ipset?
Apparently my barebones VPS doesn't support ipset.
It is so hard to recreate these rules without using the netfilter module, which is ipset. In this case, you should list the IP addresses. That's why you should use ipset to list the IP addresses.
 

DouglasFerras

Member
Jun 25, 2017
Help me please
Error occurred at line: 20

Code:
-A PREROUTING -j R4P3 // send all packets to main R4P3 chain to block the traffic well"

What should I do?
 

NatureNMoon

Restricted
Jul 8, 2016
Help me please
Error occurred at line: 20

Code:
-A PREROUTING -j R4P3 // send all packets to main R4P3 chain to block the traffic well"

What should I do?
Please delete the quotation mark, which is "
So the rule is going to be as below:
Code:
-A PREROUTING -j R4P3 // send all packets to main R4P3 chain to block the traffic well
 

DouglasFerras

Member
Jun 25, 2017
Please delete the quotation mark, which is "
So the rule is going to be as below:
Code:
-A PREROUTING -j R4P3 // send all packets to main R4P3 chain to block the traffic well

Okay, now this is it ;/

Code:
root@vps11151:~# iptables-restore < firewall
iptables-restore v1.6.0: Set ts3_allowed doesn't exist.

Error occurred at line: 21
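
A preflight check for the two errors reported above, as an added example that is not part of the thread: it lists the ipsets a rules file references, so they can be created before `iptables-restore` runs, and flags lines carrying a trailing `//` remark or an unbalanced quote. The function names and the `hash:ip` set type are assumptions; the sample file is constructed from rule lines quoted in this thread.

```shell
#!/bin/sh
# Preflight for an iptables-restore file (added example, not from the thread).

# Print every ipset named by --match-set / --add-set, de-duplicated.
referenced_sets() {
    grep -v '^[[:space:]]*#' "$1" |
        awk '{ for (i = 1; i < NF; i++)
                   if ($i == "--match-set" || $i == "--add-set") print $(i + 1) }' |
        sort -u
}

# Print referenced sets missing from $2 (newline-separated existing names;
# on a live host pass "$(ipset list -n)"). Each one must be created before
# the restore, e.g. `ipset create NAME hash:ip` (set type is an assumption).
missing_sets() {
    for s in $(referenced_sets "$1"); do
        printf '%s\n' "$2" | grep -qxF -- "$s" || printf '%s\n' "$s"
    done
}

# Print "N: line" for rule lines with a trailing // remark or an unbalanced
# double quote; iptables-restore comments are whole lines starting with '#'.
bad_lines() {
    awk '/^[[:space:]]*#/ { next }
         / \/\/( |$)/ || (gsub(/"/, "\"") % 2 == 1) { print NR ": " $0 }' "$1"
}

# Constructed sample built from rule lines quoted in this thread.
sample_rules() {
    cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:R4P3 - [0:0]
:TS3 - [0:0]
-A PREROUTING -j R4P3 // send all packets to main R4P3 chain to block the traffic well"
-A R4P3 -m set ! --match-set gamesbond_whitelist src -m set ! --match-set ts3_allowed src -j TS3
-A TS3 -p udp -m string --string "TS3INIT" --algo kmp -j SET --add-set ts3_allowed src
-A TS3 -m set ! --match-set ts3_allowed src -j DROP
COMMIT
EOF
}

f=$(mktemp) && sample_rules > "$f"
echo "sets to create first: $(missing_sets "$f" "" | tr '\n' ' ')"
echo "suspect lines:"; bad_lines "$f"
rm -f "$f"
```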
 

amsaal

VIP
Jul 28, 2015
root@ts3:~# sudo ./ts3-protection.sh
./ts3-protection.sh: 12: ./ts3-protection.sh: *raw: not found
./ts3-protection.sh: 13: ./ts3-protection.sh: Syntax error: "(" unexpected
root@ts3:~# nano ts3-protection.sh


how to fix?
 

MCGs

OG
Contributor
Mar 26, 2017
root@ts3:~# sudo ./ts3-protection.sh
./ts3-protection.sh: 12: ./ts3-protection.sh: *raw: not found
./ts3-protection.sh: 13: ./ts3-protection.sh: Syntax error: "(" unexpected
root@ts3:~# nano ts3-protection.sh


how to fix?
Open the script and check where the syntax error is located. I guess you need to change something related to this.
 

DouglasFerras

Member
Jun 25, 2017
I need to leave two TCP ports always open, even for those who are not on TeamSpeak.
How do I include this in this code?
 

Shuter165

New Member
Apr 19, 2021
2021-04-20 10:00:22.095253|INFO |ServerLibPriv | |TeamSpeak 3 Server 3.13.3 (2020-12-16 14:17:05)
2021-04-20 10:00:22.095643|INFO |ServerLibPriv | |SystemInformation: Linux 4.18.0-240.22.1.el8_3.x86_64 #1 SMP Thu Apr 8 19:01:30 UTC 2021 x86_64 Binary: 64bit
2021-04-20 10:00:22.095717|INFO |ServerLibPriv | |Using hardware aes
2021-04-20 10:00:22.097359|INFO |DatabaseQuery | |dbPlugin name: SQLite3 plugin, Version 3, (c)TeamSpeak Systems GmbH
2021-04-20 10:00:22.097442|INFO |DatabaseQuery | |dbPlugin version: 3.11.1
2021-04-20 10:00:22.098090|INFO |DatabaseQuery | |checking database integrity (may take a while)
2021-04-20 10:00:22.218570|INFO |Accounting | |Licensing Information
2021-04-20 10:00:22.218687|INFO |Accounting | |type : Non-Profit License
2021-04-20 10:00:22.219334|INFO |Accounting | |starting date : Thu Dec 31 00:00:00 2020
2021-04-20 10:00:22.219372|INFO |Accounting | |ending date : Wed Jul 21 00:00:00 2021
2021-04-20 10:00:22.219401|INFO |Accounting | |max virtualservers: 10
2021-04-20 10:00:22.219441|INFO |Accounting | |max slots : 512
2021-04-20 10:00:24.743229|INFO | | |Puzzle precompute time: 2473
2021-04-20 10:00:24.744042|INFO |FileManager | |listening on 0.0.0.0:30033
2021-04-20 10:01:18.300481|ERROR |Accounting | |Error contacting server https://accounting2.teamspeak.com: TIMEOUT
2021-04-20 10:02:14.346674|ERROR |Accounting | |Error contacting server https://backupaccounting2.teamspeak.com: TIMEOUT
2021-04-20 10:02:14.347068|ERROR |Accounting | |Unable to connect to accounting server
2021-04-20 10:02:16.856527|ERROR | | |TS3ANetwork::ResolveHostName failed error: -2 (Name or service not known) 0
2021-04-20 10:02:16.856663|ERROR | | |Could not open default UDP connection for weblist
2021-04-20 10:02:16.858587|INFO |Query | |Using a query thread pool size of 2
2021-04-20 10:02:17.009902|INFO |Query | |listening for query on 0.0.0.0:10011
2021-04-20 10:02:17.010804|INFO |Query | |listening for ssh query on 0.0.0.0:10022, [::]:10022
2021-04-20 10:02:17.015159|INFO |Query | |listening for http query on 0.0.0.0:10080, [::]:10080
2021-04-20 10:02:17.015493|INFO |CIDRManager | |updated query_ip_allowlist ips: 127.0.0.1/32, ::1/128,
2021-04-20 10:03:12.944912|INFO |ServerLibPriv | |failed to download revocation list - count: 1
 

Shuter165

New Member
Apr 19, 2021
Server restarts every 2 hours.
My iptables is:
*raw
:PREROUTING ACCEPT [0:0]
:R4P3 - [0:0]
:TS3 - [0:0]
:PROTOCOL_MANAGER - [0:0]
:OUTPUT ACCEPT [559:74102]

#-A PREROUTING -j R4P3
-A R4P3 -m set ! --match-set gamesbond_whitelist src -d 185.22.153.73 -i eth0 -m set ! --match-set ts3_allowed src -j TS3

## TS3 RULES

-A TS3 -p tcp -m multiport --dports 22,30033,30034,41144 -j RETURN
-A TS3 -p udp --sport 53 -m length --length 750:65535 -j DROP
-A TS3 -p udp ! --sport 53 -m length --length 62 -m hashlimit --hashlimit-upto 5/sec --hashlimit-burst 10 --hashlimit-mode dstip --hashlimit-name ts3_ratelimit --hashlimit-htable-max 2000000 -m string --string "TS3INIT" --algo kmp -j SET --add-set ts3_allowed src
-A TS3 -m set ! --match-set ts3_allowed src -j DROP
-A TS3 -j PROTOCOL_MANAGER

## PROTOCOL MANAGER RULES

-A PROTOCOL_MANAGER -p tcp -j RETURN
-A PROTOCOL_MANAGER -p udp -j RETURN
-A PROTOCOL_MANAGER -j DROP
COMMIT
 

MCGs

OG
Contributor
Mar 26, 2017
Your server restarts every 2 hours when accounting.teamspeak.com and accounting1.teamspeak.com cannot connect to your server. Make sure that this network can connect to your server.

Also, some ports still need to stay open.
 