From: Filip Sneppe <filip.sneppe@cronos.be>
To: Dominic Irrcher <dirrcher@colosseum.com>
Cc: "'netfilter@lists.netfilter.org'" <netfilter@lists.netfilter.org>
Subject: Re: game server rules
Date: 14 Jan 2003 15:00:52 +0100
Message-ID: <1042552852.464.214.camel@xbox>
In-Reply-To: <A0B5F46E38ADD411967800805F777E983B81BF@colosrva.colosseum.com>
On Fri, 2003-01-10 at 19:46, Dominic Irrcher wrote:
> hi,
>
> was wondering if anyone has successfully set up a ruleset for a quake3 server
> with iptables ?

Hi,

Are you talking about running a quake3 server *on* your Linux
box, playing quake3 *from* your Linux machine, or allowing
quake3 traffic to be firewalled by your Linux machine?
I suspect it's one of the first two, but I couldn't get
that from your rules below...

Either way, this is how it works:

If you set up a server, you need to allow access to the
port you are running the server on, most often 27960, like
this:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --dport 27960 -j ACCEPT

If you want to play quake3 from your machine, the last
rule becomes:

iptables -A OUTPUT -p udp --dport 27960 -j ACCEPT

Same thing (kind of) for the FORWARD chain.

Now there's one more thing to know: if you play online
you will often connect to a master server, get a list
of IP addresses+ports from that server, and connect
to the individual game servers from there.

In that case, all the above won't work, since:

- some of those servers are not running on port 27960
- you're not allowing traffic to the master server
  that is running on port 27950

If these last two paragraphs best describe your
situation, and you want to enforce tight security
(i.e. the easy way out for a home user is to allow
all udp traffic :-) ), you need the quake3 conntrack/nat
module from patch-o-matic.

Regards,
Filip
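
The three setups distinguished in the reply above, as an added example that is not part of the original message: a small generator that prints the iptables commands for each case, so they can be reviewed before being loaded. The `q3_rules` function, its optional host argument, the FORWARD variant and the separate master-server rule for clients are assumptions made for illustration; the ports and rule forms are the ones given in the message.

```shell
#!/bin/sh
# Added example, not from the original message: print (do not apply) the
# rules for the three setups the reply distinguishes.
Q3_PORT=27960         # usual game server port (from the message)
Q3_MASTER_PORT=27950  # master server port (from the message)

# q3_rules ROLE [HOST]
#   server  - a quake3 server runs on this box
#   client  - quake3 is played from this box
#   forward - this box firewalls quake3 traffic passing through it
# HOST is an assumed optional argument that pins the destination address.
q3_rules() {
    role=$1
    dst=${2:+" -d $2"}
    case $role in
        server)  chains="INPUT OUTPUT"; open=INPUT ;;
        client)  chains="INPUT OUTPUT"; open=OUTPUT ;;
        forward) chains="FORWARD";      open=FORWARD ;;
        *) echo "usage: q3_rules server|client|forward [host]" >&2
           return 2 ;;
    esac
    # Replies to, and packets related to, flows that were already accepted.
    for chain in $chains; do
        echo "iptables -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
    done
    # First packet of a game session towards the server port.
    echo "iptables -A $open -p udp$dst --dport $Q3_PORT -j ACCEPT"
    # A client also queries the master server. Game servers that the master
    # lists on other ports are still not covered by these static rules; that
    # is the case the message hands to the quake3 conntrack/nat module.
    if [ "$role" = client ]; then
        echo "iptables -A OUTPUT -p udp --dport $Q3_MASTER_PORT -j ACCEPT"
    fi
}

# Run as a script: ./q3-rules.sh server | sh   (as root)
if [ "$#" -gt 0 ]; then q3_rules "$@"; fi
```

The generated rules only restrict traffic when the chain policy (or a final rule) drops everything else, which the message does not show.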