Hello!
I'd like to make a stateful firewall for my srcds server (Team Fortress 2 specifically). Alongside some other things I'm doing with my server's firewall to prevent DoS, one of the things I'm unable to do is totally prevent UDP flooding unless I could do some kind of port knocking. To my knowledge, a connection to any source server starts with a valid TCP handshake on the server query port. Since that is the case, it's possible to keep UDP closed unless that TCP handshake was valid, then my firewall (IPTables) can allow that client to join over UDP.
I've seen this repo here:
https://github.com/KirillMysnik/SP-ConnectFilter
I'm not quite sure where to start on doing this, especially when it comes to finding those memory offsets to hook those functions?
Anyone have initial thoughts on this? Thanks! :D
Stateful SRCDS firewall
Re: Stateful SRCDS firewall
So I did some testing; it looks like the connection is a direct UDP connect and does not actually do any port knocking.
Looks like it'll retry 4 times then quit. I might look into how src handles this connection to see if this would still be possible
Code:
$ tcpdump -n -i ens3 "host x.x.x.x and port 27015"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
04:35:23.680806 IP x.x.x.x.46029 > x.x.x.x.27015: UDP, length 20
04:35:29.696099 IP x.x.x.x.46029 > x.x.x.x.27015: UDP, length 20
04:35:35.711757 IP x.x.x.x.46029 > x.x.x.x.27015: UDP, length 20
04:35:41.741033 IP x.x.x.x.46029 > x.x.x.x.27015: UDP, length 20
Re: Stateful SRCDS firewall
This might help you:
https://forums.alliedmods.net/showthread.php?t=303299