Tutorial VALVE DDOS PROTECTION (99.9%)

NatureNMoon

Hi everyone

I have seen many people having serious issues with Valve games like CSGO, Rust, etc.
If you are providing VALVE GAMES and are under attack, please use the iptables rule set below.

If you do not have IPTABLES or IPSET, or you are not sure whether you have them, please use the command lines below.

For CentOS:
Code:
yum install iptables && yum install ipset
For Ubuntu/Debian:
Code:
apt-get install iptables && apt-get install ipset
Here is the iptables rule set for VALVE GAMES (read the detailed description in the script).
Please put the bash script into a file called r4p3-valve.sh.
There is a command line option "-d r4p3" in the bash script; please change it to your external IP address, for example "-d 67.67.67.67" or whatever it is.

Bash:
#!/bin/bash
# Daniel Q. - Nature N Moon - Valve DDOS Protection - R4P3.NET
# Use this command line: "chmod 777 r4p3-valve.sh && ./r4p3-valve.sh"
# The IPTABLES script has been created to keep the Valve Servers alive by Nature N Moon in R4P3.NET
# Your SSH port must be 22
# Your web applications must be on 80 or 443
# File Transfer Port: 21
# There is a command line option "-d r4p3" in this script; please change it to your external IP address. For example: "-d 34.34.34.34" or whatever it is.

echo "R4P3 VALVE RULE SET HAS BEEN SUCCESSFULLY STARTED"
# Whitelist of client IPs; entries expire after 3 days (259200 s) without being re-added
ipset create valve_allowed hash:ip hashsize 2097152 maxelem 40000000 timeout 259200

# Both chains live in the raw table, so they run before connection tracking
iptables -N R4P3_VALVE -t raw
iptables -N VALVE -t raw

iptables -A PREROUTING -t raw -j R4P3_VALVE

# Only traffic to the server IP from sources NOT already whitelisted is inspected by VALVE
iptables -A R4P3_VALVE -d r4p3 -t raw -m set ! --match-set valve_allowed src -j VALVE

# Service and Steam TCP ports leave this chain untouched (handled by your other rules)
iptables -A VALVE -t raw -p tcp -m multiport --dports 21,22,80,443,27015:27030,27036:27037 -j RETURN
# Large replies from source port 53 (DNS amplification) are dropped
iptables -A VALVE -t raw -p udp --sport 53 -m length --length 750:65535 -j DROP
# Rate-limited UDP packets containing the Source query string get their sender whitelisted
iptables -A VALVE -t raw -p udp ! --sport 53 -m hashlimit --hashlimit-upto 7/sec --hashlimit-burst 10 --hashlimit-mode dstip --hashlimit-name r4p3_valve --hashlimit-htable-max 2000000 -m string --string "TSource" --algo kmp -j SET --add-set valve_allowed src
# Everything else from sources that are still not whitelisted is dropped
iptables -A VALVE -t raw -m set ! --match-set valve_allowed src -j DROP

echo "R4P3 VALVE RULE SET HAS BEEN SUCCESSFULLY DONE"
How to start?
Code:
chmod 777 r4p3-valve.sh && ./r4p3-valve.sh
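An added example (my own, not from the post or from R4P3): a small Python model of the VALVE chain above, so you can see which packets it drops, returns or whitelists before touching a live box. Ports, limits and the "TSource" string are the script's; the source addresses and payloads are constructed, and the token bucket is an approximation of the kernel's hashlimit. It keeps the script's match order (hashlimit before string), so UDP junk from any source also spends the budget shared per destination IP.

```python
from dataclasses import dataclass, field

# Values taken from the posted script
ALLOWED_TCP = {21, 22, 80, 443} | set(range(27015, 27031)) | {27036, 27037}
# Constructed Source Engine A2S_INFO query payload (contains the "TSource" string)
A2S_INFO = b"\xff\xff\xff\xffTSource Engine Query\x00"


@dataclass
class Packet:
    src: str
    proto: str            # "tcp" or "udp"
    sport: int
    dport: int
    length: int           # total packet length, as -m length sees it
    payload: bytes = b""


@dataclass
class ValveChain:
    """Models R4P3_VALVE -> VALVE for a single server IP (one dstip bucket)."""
    upto: int = 7         # --hashlimit-upto 7/sec
    burst: int = 10       # --hashlimit-burst 10
    allowed: set = field(default_factory=set)  # ipset valve_allowed
    tokens: float = 0.0
    last: float = 0.0

    def __post_init__(self):
        self.tokens = float(self.burst)        # bucket starts full

    def _hashlimit_ok(self, now):
        # Refill at `upto` per second, capped at `burst`; spend one token per match
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.upto)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

    def verdict(self, pkt, now):
        if pkt.src in self.allowed:            # R4P3_VALVE does not jump to VALVE
            return "PASS"
        if pkt.proto == "tcp" and pkt.dport in ALLOWED_TCP:
            return "RETURN"                    # left to the rest of the firewall
        if pkt.proto == "udp" and pkt.sport == 53 and pkt.length >= 750:
            return "DROP"                      # large DNS replies (amplification)
        if pkt.proto == "udp" and pkt.sport != 53:
            # hashlimit is evaluated first, so a token is spent even for non-queries
            if self._hashlimit_ok(now) and b"TSource" in pkt.payload:
                self.allowed.add(pkt.src)      # -j SET --add-set valve_allowed src
                return "WHITELISTED"           # SET is non-terminating; final DROP no longer matches
        return "DROP"                          # catch-all for unknown sources
```

Running a burst of non-query UDP through the model shows that it can exhaust the budget so that a real client's first query is dropped until the bucket refills; putting -m string before -m hashlimit on the command line avoids that.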

NatureNMoon

Can I ask how come ports 27015:27030 have -p tcp? Shouldn't they be under -p udp, as the ports clients connect to on the server? Or am I mistaken?
The action is RETURN instead of ACCEPT; everyone MUST USE the -j RETURN action.
You may check my thread about IPTABLES: https://ciphers.pw/threads/about-iptables.8014/
So, about your question: for example, you want to protect your VALVE games, but you must also protect your other ports apart from Valve's ports, like 22 SSH TCP, 80 HTTP TCP, etc.
The command line says 21,22,80,443... can pass without mitigation, but the rest must be checked by the other rules. As I mentioned above, check my thread about IPTABLES.

Also, STEAM VALVE sometimes sends some verification packets; that's why I let 27036-27037 TCP come in. When you use SYNPROXY for TCP traffic, SYNPROXY is going to block SYN floods, so you can just -j RETURN these ports from your raw chain in PREROUTING.

Sincerely.
 

applestar

It's not working, because the "VALVE" variable is unset in your code.

Ptx

I am thinking about creating a similar version of this for Firewalld, but before I spend a lot of time on that, has anyone else done this already?
 

applestar

Please use the command line below to create the VALVE chain on RAW PREROUTING:
Code:
iptables -N VALVE -t raw
Why, after applying this script, did the connection speed drop so much? When I connect with FileZilla I wait almost a minute until I connect via SFTP or SSH to port 22.
But after the reboot command, all connections work quickly.
 

NatureNMoon

Why, after applying this script, did the connection speed drop so much? When I connect with FileZilla I wait almost a minute until I connect via SFTP or SSH to port 22.
But after the reboot command, all connections work quickly.
It may be about SELinux; you may disable it. The rule set contains a RETURN for 22, so there is no way it affects your connection to SSH on 22 TCP.
 

applestar

I think there is an error in this line:
iptables -A VALVE -t raw -p udp ! --sport 53 -m hashlimit --hashlimit-upto 7/sec --hashlimit-burst 10 --hashlimit-mode dstip --hashlimit-name r4p3_valve --hashlimit-htable-max 2000000 -m string --string "TSource" --algo kmp -j SET --add-set valve_allowed src

"valve_allowed src -j RETURN"
 

NatureNMoon

I think there is an error in this line:
iptables -A VALVE -t raw -p udp ! --sport 53 -m hashlimit --hashlimit-upto 7/sec --hashlimit-burst 10 --hashlimit-mode dstip --hashlimit-name r4p3_valve --hashlimit-htable-max 2000000 -m string --string "TSource" --algo kmp -j SET --add-set valve_allowed src

"valve_allowed src -j RETURN"
My post above, please do it :) It will be fixed.
 
