Why Game Servers Are Targeted
Game servers are common targets for DDoS attacks because they run on known ports, require low-latency connections, and disruption is immediately noticeable to players. Competitors, disgruntled players, or trolls may target your server.
Basic Protection
Firewall Rules
# Only allow necessary ports
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp # SSH
sudo ufw allow GAME_PORT/udp # Your game port
sudo ufw enableRate Limiting with iptables
# Limit connections per IP to game port
sudo iptables -A INPUT -p udp --dport GAME_PORT -m connlimit --connlimit-above 5 -j DROP
# Rate limit new connections
sudo iptables -A INPUT -p udp --dport GAME_PORT -m recent --set --name GAME
sudo iptables -A INPUT -p udp --dport GAME_PORT -m recent --update --seconds 10 --hitcount 20 --name GAME -j DROPFail2Ban for Game Servers
While Fail2Ban is typically used for SSH, you can create custom jails for game server abuse:
sudo tee /etc/fail2ban/jail.d/gameserver.conf <<EOF
[gameserver]
enabled = true
port = GAME_PORT
protocol = udp
filter = gameserver
logpath = /path/to/game/logs
maxretry = 50
findtime = 60
bantime = 3600
EOFKeep Your IP Private
- Use a separate IP for SSH management vs game traffic if possible
- Do not share your server IP on public forums without protection
- Consider using a proxy service for game traffic
If You Are Under Attack
- Identify the attack type (volumetric, protocol, application)
- Check your server logs and
ss -tunp - Temporarily restrict traffic to known player IPs
- Contact your hosting provider for upstream mitigation