This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check our Users and Groups guide.

If you have not already done so, create a Linode account and Compute Instance. See our Getting Started with Linode and Creating a Compute Instance guides.

Install the screen utility, which will be used later when running SteamCMD. For more information about how screen works, review the rest of our Using GNU Screen to Manage Persistent Terminal Sessions guide.

Game servers and clients are an especially ripe target for attack. Use our Setting Up and Securing a Compute Instance guide to add a limited Linux user to your server. Make the username steam to coincide with the rest of Linode’s Steam guides, as well as Valve’s official documentation. Be sure to give the steam user sudo privileges.

If you are using iptables (which is set in Linode’s Ubuntu and Debian images by default), follow the Configure your Firewall Using IPTables section. If instead you are using firewalld (as in Linode’s CentOS 7 and Fedora images), follow the Configure your Firewall Using FirewallD section.

Create two files named v4 and v6 in your home directory to record your IPv4 and IPv6 firewall rules:

    *filter

    # Allow all loopback (lo0) traffic and reject traffic
    # to localhost that does not originate from lo0.
    -A INPUT -i lo -j ACCEPT
    -A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT

    # Allow ping (ICMP echo request).
    -A INPUT -p icmp -m state --state NEW --icmp-type 8 -j ACCEPT

    # Allow SSH connections.
    -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

    # Allow the Steam UDP ports used in this guide.
    -A INPUT -p udp -m udp --dport 27000:27030 -j ACCEPT
    -A INPUT -p udp -m udp --dport 4380 -j ACCEPT

    # Allow inbound traffic from established connections.
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Log what was incoming but denied (optional but useful).
    -A INPUT -m limit --limit 3/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7
    -A FORWARD -m limit --limit 3/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7

    # Reject all other inbound.
    -A INPUT -j REJECT

    COMMIT

Some Steam games require a few additional rules which can be found in our Steam game guides. Steam can also use multiple port ranges for various purposes, but they should only be allowed if your game(s) make use of those services. See this Steam Support page for more information.

Steam currently supports multiplayer play over IPv4 only, so a Steam server only needs basic IPv6 firewall rules, shown below.

Import the rulesets into your firewall to activate them:

    sudo iptables-restore < ~/v4

If you don’t install iptables-persistent, your firewall rules will not persist through reboots of your Linode. If iptables-persistent was already installed, reconfigure the package so that it recognizes your new rulesets:

    sudo dpkg-reconfigure iptables-persistent

Confirm that your firewall rules are active:

    sudo iptables -vL

The output should look similar to:

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
        0     0 REJECT     all  --  !lo    any     localhost/8          anywhere             reject-with icmp-port-unreachable
        0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             state NEW icmp echo-request
        0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             state NEW tcp dpt:ssh
        0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpts:27000:27030
        0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:4380
        0     0 ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
        0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level debug prefix "iptables_INPUT_denied: "
        0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-port-unreachable

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
        0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level debug prefix "iptables_FORWARD_denied: "

    Chain OUTPUT (policy ACCEPT 60 packets, 8304 bytes)

If you ever import new rules into your firewall in the future, be sure to reconfigure iptables-persistent again afterward:

    sudo dpkg-reconfigure iptables-persistent

Set up your ruleset:

    sudo firewall-cmd --zone="public" --add-service=ssh --permanent
    sudo firewall-cmd --zone="public" --add-forward-port=port=4380:proto=udp:toport=1025-65355 --permanent