wiki:Ports

Version 2 (modified by Alloc, 10 years ago) (diff)

7dtd uses several ports to allow for its functionality. By default these are:

Port            Default  Protocol  Direction  Used for
BasePort        25000    UDP       In         Game
BasePort+1      25001    UDP       In         Game
BasePort+2      25002    UDP       In         Game
WebControlPort  8080     TCP       In         Web based control panel
TelnetPort      8081     TCP       In         Telnet control
-               270xx    UDP       Out        Registering at the server list

WebControlPort / TelnetPort: Only if enabled in serverconfig.

270xx: Should be in the range 27015 - 27030 according to Valve. But as others have been reported too, I would simply suggest opening 27000 up to 27050 here.

If you have a firewall set up that blocks all traffic by default, you have to open at least the Game ports (default 25000 - 25001). If you also want the server to be listed on the server list, the 270xx ports also have to be opened. iptables rules for this could look like this:

iptables -A OUTPUT -s <yourServerIp>/32 -p udp --dport 27000:27099 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT  -d <yourServerIp>/32 -p udp --sport 27000:27099 -m state --state RELATED,ESTABLISHED     -j ACCEPT
iptables -A INPUT  -d <yourServerIp>/32 -p udp --dport 25000:25002 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -s <yourServerIp>/32 -p udp --sport 25000:25002 -m state --state RELATED,ESTABLISHED     -j ACCEPT

Protecting the Telnet interface

Opening the 7dtd Telnet port to the whole internet may pose security issues, as the connection has no protection. The least that could happen is people doing random stuff on your 7dtd server, but attackers could also find security holes in the engine and gain further access to the host.

Therefore you should block the ports used for Telnet with a firewall.

To block all traffic on a single port, issue the following command:

iptables -A INPUT -i eth0 -p tcp --dport 8081 -j DROP

This will drop all TCP packets that are received through the network interface eth0 for the destination port 8081. Adapt the port and incoming interface to your needs. If you want to block a whole range of ports, e.g. because you assign the ports 8900 to 8999 to the Telnet interfaces of multiple 7dtd instances, you can simply put "--dport 8900:8999" in the command instead.
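
The blocking rule above, wrapped in a small helper that validates the port or port range and prints the rules for review before they are applied. This is an added example, not part of the original wiki page; the function names, the APPLY variable and the optional admin address (which goes beyond the page's plain DROP) are assumptions.

```shell
#!/bin/sh
# Added example: print (or, with APPLY=1 and root, run) iptables rules that
# close the 7dtd Telnet port(s) on one interface, optionally admitting one
# admin address. The function names and the admin address are assumptions.

# valid_ports PORT|LOW:HIGH -> status 0 if ports are 1..65535 and LOW <= HIGH
valid_ports() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;   # digits only, one inner colon at most
    esac
    low=${1%%:*}
    high=${1##*:}
    [ "$low" -ge 1 ] && [ "$high" -le 65535 ] && [ "$low" -le "$high" ]
}

# run CMD...: dry run by default so the rules can be reviewed first
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# telnet_rules IFACE PORTS [ADMIN_IP]
telnet_rules() {
    iface=$1; ports=$2; admin=${3:-}
    valid_ports "$ports" || { echo "bad port spec: $ports" >&2; return 2; }
    # -A appends and the first matching rule wins: the ACCEPT for the admin
    # address must be added before the DROP. An ACCEPT for this port that is
    # already earlier in INPUT would still win over both.
    if [ -n "$admin" ]; then
        run iptables -A INPUT -i "$iface" -s "$admin/32" -p tcp --dport "$ports" -j ACCEPT
    fi
    run iptables -A INPUT -i "$iface" -p tcp --dport "$ports" -j DROP
}

# Dry run: the page's example range; 203.0.113.10 is a documentation address.
telnet_rules eth0 8900:8999 203.0.113.10
```

Check the result with "iptables -S INPUT" afterwards: the DROP only protects the port if no earlier rule in the chain already accepts it.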