IPTABLES for SRCDS

From Www.FreeNerd.net



This guide is provided for informational purposes only. If you choose to use this guide for anything more than information, you do so "At Your Own Risk".


Incomplete guide. I will remove this when the guide is done.

One of the more complicated parts of setting up a secure Linux-based SRCDS server is the firewall. On Linux the firewall is configured through iptables: a set of rules that decide which traffic is allowed through, or blocked at, your server's network interface. How iptables is configured varies slightly between Linux distributions, but the rules themselves are essentially the same. I will cover Red Hat and Ubuntu in this guide; altering it for any other distribution should be fairly simple. You will want console access before attempting to modify any iptables rules. If you make a mistake and lock yourself out of the server, you'll need console access to remove the blocking rule.

Protocols

There are two protocols used to connect to your SRCDS server: TCP and UDP. For those who want to know more about the difference between the two protocols and how they work, click HERE. It's a basic overview of the protocols and worth reading if you don't already know the difference.

Ports

You will need to be aware of what ports you need to open on your server. The list below covers the ports and what they are used for.

  • Steam Main - UDP 27000 - 27015
  • Steam Main - TCP 27020 - 27039
  • Steam CyberCafe - TCP 27040 - 27041
  • Steam Friends - UDP 1200
  • Steam Dedicated Server - UDP 27015 - 27050
  • Steam HLTV - UDP 27020
  • Rcon - TCP - Same port that your SRCDS game server is using

Notes:

  • The port you set for your dedicated server will also be your rcon port. Remember that rcon uses TCP, so you will need a separate rule to allow TCP connections to that port.
  • To simplify things you can create rules that cover a range of ports. If your server is running other applications you want to protect, only allow the exact ports that are needed.

Red Hat / CentOS / Fedora

In Red Hat distributions the iptables configuration file is located in /etc/sysconfig/iptables. You will need to edit this file.

vi /etc/sysconfig/iptables

Once the file is open you'll want to add lines to the RH-Firewall-1-INPUT section to allow ports into your server. The example below is a very broad allow rule: it allows inbound all the ports you'll need, but it also opens a wide range of ports that you may not need. If you want your server to be as secure as possible, only allow the ports you need.

# replies to connections the server opened itself (Steam master servers, updates)
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH for remote administration
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --dport 22 -j ACCEPT
# Steam main / HLTV
-A RH-Firewall-1-INPUT -p udp -m udp --dport 27000:27020 -j ACCEPT
# Steam Friends
-A RH-Firewall-1-INPUT -p udp -m udp --dport 1200 -j ACCEPT
# game server range, TCP (rcon) and UDP (game traffic)
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 27000:27050 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 27000:27050 -j ACCEPT

Once you have made the changes to the file save it and reload iptables for the rules to take effect.

service iptables restart

Check your rules and make sure they are set up as desired.

iptables -L

Ubuntu

A key difference in Ubuntu is that its firewall rules take effect immediately when a change is made. Ubuntu will not load firewall rules on startup unless you add a command to rc.local to do so. Let's get started by adding the firewall rules. This is done from the command line.
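The broad Red Hat ruleset above and the Ubuntu section both come down to the same thing: a rule file that allows only the handful of ports a single SRCDS instance needs and drops everything else. The script below is an added example, not code from the FreeNerd.net guide. It generates such a file in iptables-restore format (the format used by /etc/sysconfig/iptables on Red Hat, and the format iptables-restore reads on Ubuntu) for one game server, and prints it to stdout so you can review it before it touches the firewall. The assumed values are constructed for the example: game port 27015 (UDP for clients, TCP on the same port for rcon), SSH on 22, SourceTV/HLTV on UDP 27020, and rules placed directly in the INPUT chain rather than in RH-Firewall-1-INPUT. The rate-limited LOG rule before the final DROP is an addition of this example so that blocked traffic shows up in syslog without a flood.

```shell
#!/bin/sh
# Added example (not from the FreeNerd.net guide): generate a minimal
# iptables ruleset for one SRCDS instance instead of the broad ranges above.
# Assumptions (constructed for this example): game port 27015, SSH on 22,
# SourceTV/HLTV on UDP 27020. Output is iptables-restore format on stdout.

# Validate that an argument is a TCP/UDP port number (1-65535).
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_srcds_rules GAME_PORT [SSH_PORT]
# Prints a complete ruleset: default-drop INPUT, loopback and established
# traffic allowed, SSH, the game port on UDP, the same port on TCP for rcon,
# and SourceTV on UDP 27020. Returns 1 on an invalid port.
gen_srcds_rules() {
    game="$1"
    ssh="${2:-22}"
    is_port "$game" || { echo "invalid game port: $game" >&2; return 1; }
    is_port "$ssh"  || { echo "invalid ssh port: $ssh" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and replies to connections the server opened (Steam master servers)
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# remote administration
-A INPUT -p tcp -m tcp --dport $ssh -m state --state NEW -j ACCEPT
# game traffic: clients talk UDP to the server port
-A INPUT -p udp -m udp --dport $game -j ACCEPT
# rcon uses TCP on the same port, so it needs its own rule
-A INPUT -p tcp -m tcp --dport $game -m state --state NEW -j ACCEPT
# SourceTV / HLTV relay
-A INPUT -p udp -m udp --dport 27020 -j ACCEPT
# log (rate-limited so the log cannot be flooded) and drop everything else
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
-A INPUT -j DROP
COMMIT
EOF
}

# Count the ACCEPT rules in a generated ruleset; a quick sanity check that
# the file opens exactly the expected number of holes.
count_accepts() {
    gen_srcds_rules "$@" | grep -c -- '-j ACCEPT'
}

# Typical use (as root, with console access in case SSH gets locked out):
#   Red Hat: gen_srcds_rules 27015 > /etc/sysconfig/iptables && service iptables restart
#   Ubuntu:  gen_srcds_rules 27015 > /etc/iptables.rules && iptables-restore < /etc/iptables.rules
#            and put the iptables-restore line in rc.local so it runs at boot.
```

Run it with the real game port and redirect the output to the rule file for your distribution, then load it and confirm with `iptables -L -n` that only the expected ports are open. If you change the game port in the server's start line, regenerate the file; the rcon rule follows the game port automatically because both are derived from the same argument.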