
Help with Iptables rules


Smoke

Question


  • Group:  Members
  • Topic Count:  10
  • Topics Per Day:  0.00
  • Content Count:  34
  • Reputation:   8
  • Joined:  01/06/12
  • Last Seen:  

Hi,

I'm trying to find a suitable iptables rule for the three UDP ports to get rid of DDoS attacks. I found this somewhere and was trying to edit it, but I thought asking for help here would be a better idea, as I need to know the maximum packet lengths used by the emulator.

iptables -A INPUT -p udp --dport 5121 -m length --length 2401:65535 -j DROP
iptables -A INPUT -p udp --dport 6121 -m length --length 2401:65535 -j DROP
iptables -A INPUT -p udp --dport 6900 -m length --length 2401:65535 -j DROP

I'd really like some help with editing these.


6 answers to this question




Bump! Really? Nobody wants to fight DDoS?




Hi Smoke,

What makes you think that by allowing a certain size your attackers would not just generate packets which fit your criteria to spam those ports?

It'd be better if you used a packet limit per second with a burst, and if an IP exceeds that limit, drop the connection.

  • Upvote 1
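The reply above recommends a per-IP packet rate with a burst instead of the packet-length filter from the original post. The script below is an added example, not code posted in this thread: it builds that ruleset with the iptables `hashlimit` match for the three ports named in the question (5121, 6121, 6900). The rate (50 packets/second per source), the burst (100) and the 60-second bucket expiry are assumptions to tune against real client traffic; the length rule from the original post is kept as a cheap first filter. With DRY_RUN=1 (the default) it only prints the commands, so you can review them before applying as root with DRY_RUN=0.

```shell
#!/bin/sh
# Added example: per-source-IP UDP rate limit with burst, via iptables hashlimit.
# Ports come from the thread; RATE, BURST and the expiry are assumed values.

PORTS="5121 6121 6900"
RATE="${RATE:-50/second}"   # assumed: sustained datagrams per second per source IP
BURST="${BURST:-100}"       # assumed: extra datagrams a source may send before the limit bites
DRY_RUN="${DRY_RUN:-1}"     # 1 = print the iptables commands, 0 = execute them (needs root)

# run: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# udp_ratelimit_rules PORT: three rules for one UDP port, in order:
#   1. drop oversized datagrams outright (the length filter from the original post),
#   2. accept up to RATE per source IP with a burst of BURST (one bucket per srcip),
#   3. drop whatever a source sends beyond its budget.
udp_ratelimit_rules() {
    port="$1"
    run iptables -A INPUT -p udp --dport "$port" -m length --length 2401:65535 -j DROP
    run iptables -A INPUT -p udp --dport "$port" -m hashlimit \
        --hashlimit-name "udp_$port" --hashlimit-mode srcip \
        --hashlimit-upto "$RATE" --hashlimit-burst "$BURST" \
        --hashlimit-htable-expire 60000 -j ACCEPT
    run iptables -A INPUT -p udp --dport "$port" -j DROP
}

# build_ruleset: emit or apply the rules for every port in PORTS.
build_ruleset() {
    for p in $PORTS; do
        udp_ratelimit_rules "$p"
    done
}

build_ruleset
```

Two caveats a practitioner should keep in mind. Since UDP has no handshake, the source address can be spoofed, so an attacker who rotates sources gets a fresh bucket each time; `--hashlimit-htable-max` bounds how much memory those buckets can consume. And, as the later replies in this thread point out, none of this helps once the flood saturates the uplink: the rules only protect the server process from traffic that has already reached the host.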



I just found these commands on some forum. Some dude was facing a similar issue. But you couldn't just edit and post the command, temporarily saving 100+ servers out there, could you? >.>




Hi Smoke,

There is no code that can save 100+ servers; otherwise I wouldn't have to go out of my way to spend a lot of money on a dedicated filter for my own services. If it were really that simple, I am sure everyone would be using iptables instead of spending hundreds on a DDoS-protected dedicated server.

Wouldn't you think that if there were a ruleset that could fully prevent a DDoS attack from working, people would have already replied to this topic by now? Think about it logically.

  • Upvote 3



Yeah, it's so costly, and we spend on something that shouldn't occur in the first place. What's sad is that normal players are now aware of how to DDoS.




Hi Smoke,

This is incorrect... they really have no clue how to DDoS; instead they spend $10-$20 a month on a booter they find on a specific forum and just perform SYN attacks or UDP floods for a certain amount of time at a time.

  • Upvote 2