iptables 1.4.12 inversion and --u32

This line in a script:

iptables -A jk2_ddos -m u32 ! --u32 "0x1c=0xffffffff" -j ACCEPT

results in this error:

iptables v1.4.12: u32: option "--u32" cannot be inverted. 

This doesn't seem to work in iptables 1.4.12. In older versions it works. I need something that does the same thing. The problem is that I'm a noob.

Is this line correct, or is it nonsense?

iptables -A jk2_ddos -m u32 --u32 "0x1c=0xffffffff" -j REJECT

Thanks for your help.

Edit: here is the full script.

# create chain

iptables -N jk2_ddos

# accept real client/player traffic
iptables -A jk2_ddos -m u32 ! --u32 "0x1c=0xffffffff" -j ACCEPT

# match "getstatus" queries and remember their address
iptables -A jk2_ddos -m u32 --u32 "0x20=0x67657473&&0x24=0x74617475&&0x25&0xff=0x73" -m recent --name getstatus --set

# drop packet if "hits" per "seconds" is reached
#
# NOTE: if you run multiple servers on a single host, you will need to raise these limits,
# as otherwise you will block regular server queries, like Spider or QConnect
# e.g. they will query all of your servers within a second to update the list
iptables -A jk2_ddos -m recent --update --name getstatus --hitcount 10 --seconds 3 -j DROP

# accept otherwise
iptables -A jk2_ddos -j ACCEPT

# finally insert the chain as the top most input filter

# single server
iptables -I INPUT 1 -p udp --dport 28070 -j jk2_ddos
