- Rust by default holds 3 Ports, Rust Connection, Rcon and Rust+ Companion App, However you can also assign a port for Query, however by default without a query port set it will assume the same port as Rust, so this port is not needing to be set, however you can, for this instance I will stick to the 3 core Ports, Rust Connection (UDP), Rust RCON (TCP) and Rust+ (TCP).
Pterodactyl Ports that I will be using.
UFW Ubuntu firewall manager.
- To start with we will apply the ports on the backend, for this example I will be using UFW, If you used our previous guide for Pterodactyl install you will notice multiple ports already defined in your UFW status, 22/tcp for SSH, 80 for WebServer, 443 for Webserver TLS/SSL, 8080 for Pterodactyl and 2022 also for Pterodactyl.
- You can check your UFW status by typing in the console - ufw status
Here we will define 3 more Rules for our rust server, I will be using the following rules
- 28015/udp (Rust server connection)
- 28016/tcp (Rust Rcon+Query)
- 10001/tcp (Rust+ Companion App)
To apply these all we're going to do is use the ufw allow command
- ufw allow 28015/udp
- ufw allow 28016/tcp
- ufw allow 10001/tcp
With that being done our back-end ports have been set, however there is one more thing to do, we want to change UFW to a deny state rather than prioritise, Be sure that with this change you have allowed SSH connections otherwise you will lose access to your dedicated server/vps
- sudo ufw default deny incoming
Windows Firewall Rules
You may find that you need to also set Firewall rules if your rust server is on Windows, head over to the Windows Firewall Management, on Inbound + Outbound Create new Rules
- Type: Port - Port: 28015 - Protocol: UDP - Name: Rust Connection
- Type: Port - Port: 28016 - Protocol: TCP - Name: Rust RCON
- Type: Port - Port: 10001 - Protocol: TCP - Name: Rust+ Mobile
You may also want to setup Edge Filters/Firewall rules from Path.net, you can do this by contacting us via a support ticket and mention the ports/rules/filters you wish to be applied and we'll get them applied for you asap!, Once our custom filter manager is available for client use, this guide will be updated to include new information based on our panel!
now onto our Edge Rules/Filters, due to our link with Path.net we can define edge firewall rules/filters, Unfortunately for now our Filter Manager is offline, however you can open a ticket allowing us to assign them for you (This guide will be updated once the new filter page is released), we have 2 things to work with, Firewall rules and Filters, let's start with firewall rules, below are the firewall rules we will setup.
Port - Protocol - Action - Source(If any)
- 0.0.0.0/0 - DENY ALL (Port Punch), we do this to block all access outside of the rules we define
- 28015 - udp - allow all (this allows connections to the rust server)
- 28016 - tcp - This one can be done in two ways, Allow all, OR if you are savy and wish for extra security you can only allow connections to it from Battlemetrics and Tebex/CraftingStore, this will add multiple layers of protection for you, the setup for this would look like this; 28016 - tcp - allow from - 51.79.45.167
28016 - tcp - allow from - 142.44.175.123
28016 - tcp - allow from - 167.114.219.233
28016 - tcp - allow from - 51.222.127.205
28016 - tcp - allow from - 51.222.127.206
28016 - tcp - allow from - 51.222.127.207 - 10001 - tcp - allow all (Our elected Rust+ port)
- 8080 - tcp - allow all (Our Pterodactyl Ports)
- 2022 - tcp - allow all (Our Pterodactyl Ports)
- 22 - tcp - allow all OR allow from (Your IP), this is our SSH port, this can either be locked to your IP if you have a static IP, or allow all allowing all connections on 22
- 443 - tcp - allow all (Used for SSL/TLS - Pterodactyl Web server) - OR 80 if you are not using SSL/TLS
The List of current Battlemetrics IP's from 14/05/2022 are the following
- 51.79.45.167
- 142.44.175.123
- 167.114.219.233
- 51.222.127.205
- 51.222.127.206
- 51.222.127.207
With those being done that is our main Firewall rules laid out for Path.net, our last option is for Edge Filters
- Source Engine Queries - 28015 - Strict Mode False (This filter enables layer 7 proxy for Source Engine queries. Can be enabled together with RakNet or HL2/Source filter.)
- Raknet Server V2 - 28015 - Accept Server Queries (This filter enables layer 7 packet validation for RakNet game packets. Can be enabled together with the Source Engine Query filter.)
- TCP Service Symmetric - 10001 - Per Connections max packets can be set as you please. (This filter enables full packet validation for incoming TCP connections. Requires that the return traffic is routed through Path.)
