FWGS / xash3d-fwgs

Xash3D FWGS engine

Security settings for dedicated server #1555

Open d47081 opened 11 months ago

d47081 commented 11 months ago

I'm a beginner in HL, so could you please advise on security settings for a public server running on xash3d?

At the moment, I have the following command (run by a separate user with systemd on a Linux machine):

xash3d -dedicated -port6 27015 -ip6 xxx.xxx.xxx -noip -maxplayers 8 -map crossfire

Port 27015 is opened in the firewall; the game data was just copied to the server from my local client.

Everything works well, but I'm a bit worried about whether it's ready for public access, like whether ~ access is safe, etc.

Thanks!

nekonomicon commented 11 months ago

You can additionally disable access to rcon via the rcon_enable cvar, because currently rcon does not have normal password protection and it can be used for DDoS.

d47081 commented 11 months ago

Could you please explain the file/line where to disable it?

Maybe it's here: valve/default.cfg


d47081 commented 11 months ago

So finally, I have tested it: it seems that everything is safe to launch, console commands included; for any actions, a localhost connection is required.

I just don't understand how to prevent the DDoS issue; maybe I could delegate it to the server environment.

mittorn commented 11 months ago

rcon uses out-of-band packets and may potentially be used for DDoS boosting.

Also, passwords are not encrypted, so they may be sniffed. So it's safer to use ssh and screen for the console. I still use rcon sometimes, but only on a host without any critical data.

Also, if you are unsure about server security, you may harden it with asan (-T sanitize in configure) to prevent buffer overflow attacks. If you have any sensitive data on the server, you may isolate it in a container.

The dedicated server for the new engine is not much tested.

a1batross commented 11 months ago

It's not like the old engine's dedicated server isn't full of possible security bugs, considering that it's not maintained anymore :)
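
The setup discussed in this thread (a separate user under systemd, with the server isolated from the rest of the host) can be expressed as a sandboxed unit file. This is an added example, not part of the original thread or the project's documentation; the unit name, the `xash3d` account and the `/opt/xash3d` install path are assumptions, and the `ExecStart` line is the command from the first post with its redacted address left as posted.

```ini
# /etc/systemd/system/xash3d.service
# Constructed example: account name and paths below are assumptions.
[Unit]
Description=Xash3D FWGS dedicated server
After=network-online.target
Wants=network-online.target

[Service]
# Dedicated unprivileged account (assumed name; its home must not be under /home)
User=xash3d
Group=xash3d
# Assumed install location holding the engine binary and the copied game data
WorkingDirectory=/opt/xash3d
ExecStart=/opt/xash3d/xash3d -dedicated -port6 27015 -ip6 xxx.xxx.xxx -noip -maxplayers 8 -map crossfire
Restart=on-failure

# Filesystem: OS tree read-only, /home, /root and /run/user hidden, private /tmp
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
# Only the game directory stays writable (logs, configs, downloads)
ReadWritePaths=/opt/xash3d

# Privileges: no escalation through setuid binaries, no capabilities at all
NoNewPrivileges=true
CapabilityBoundingSet=
AmbientCapabilities=
RestrictSUIDSGID=true

# Kernel interfaces the game server has no reason to touch
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictNamespaces=true
# IP sockets for the game port; AF_UNIX kept for journal logging
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload`, `systemd-analyze security xash3d.service` lists which exposure settings are still open for the unit. With `ProtectHome=true`, a memory-corruption bug in the server process cannot read other users' home directories, which covers the `~` access concern from the first post.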