Ports aren’t really getting blocked with iptables [closed]

I’m on Ubuntu 14.04.4 LTS. I’m under attack on some ports, so I blocked all ports except SSH on my own server. I’m doing that this way:

iptables -F                                      # flush all existing rules
iptables -P INPUT DROP                           # default policy: drop anything not explicitly accepted
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -p icmp -j DROP                # drop incoming ICMP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT    # allow incoming SSH
iptables -A INPUT -j DROP                        # catch-all: drop everything else (UDP 27015 ends here)

iptables -A OUTPUT -p icmp -j DROP               # drop outgoing ICMP
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT   # allow SSH replies out
iptables -A OUTPUT -j DROP                       # catch-all: drop all other outgoing traffic

iptables -A FORWARD -p icmp -j DROP
iptables -A FORWARD -j DROP                      # this host does not route for anyone

When I attacked my own server and looked at the packets with tcpdump, there were still incoming packets to UDP port 27015 in INPUT! What have I missed? These packets are making my server lag!

Answer

tcpdump shows what is going on on the wire. It doesn’t tell you whether that packet will be forwarded elsewhere, processed by the machine, or dropped; it doesn’t tell you whether the machine generated control messages (ICMP) in response to that packet. It just says: that packet was either entering the machine from the network or leaving the machine.

I believe that in your case the packet to UDP 27015 indeed reached the machine. This is why it showed up in tcpdump. Then, if the ruleset you posted was really applied to the machine, that packet was dropped by the rule on line 8. Presence in the tcpdump log doesn’t mean your firewall is not working. tcpdump is simply not the right tool to analyse what happens to the packet after it has entered the machine.

You can’t control what others send. You only control what you do with it. You set the firewall to drop everything, which will not stop anybody from sending traffic to you. Think: if they scream, your eardrums will oscillate, even if you don’t pay any attention to these screams.

This is how “bandwidth” DoS attacks are possible: the attacker doesn’t need the victim to have any weaknesses, they just flood the victim’s full bandwidth with bulk waste traffic, preventing legitimate traffic from reaching the victim.

The only way to fight this is to have more bandwidth (in general, you need more bandwidth than the attacker can arrange for the attack).
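An added example (not part of the original question or answer) of the check that shows whether the firewall is actually discarding the UDP/27015 packets: instead of tcpdump, read the per-rule packet counters from `iptables -nvxL INPUT --line-numbers` and watch the catch-all DROP counter grow. The chain listing the script parses is a constructed sample in the format iptables prints; all numbers in it are invented, and the host-side commands are shown only in comments because they need root and a real netfilter.

```shell
#!/bin/sh
# Added example: confirm that packets which tcpdump shows on the wire are being
# dropped by the INPUT chain, by reading netfilter's own per-rule counters.
# tcpdump captures before netfilter decides the packet's fate, so it cannot
# answer this question; the rule counters can.

# Constructed sample of `iptables -nvxL INPUT --line-numbers` output
# (the -x flag prints exact counters instead of "13M"). Numbers are invented.
SAMPLE_INPUT_CHAIN='Chain INPUT (policy DROP 0 packets, 0 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1           0          0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0
2         412      27120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3       98765   13145678 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Print the packet counter of the final catch-all DROP rule (target DROP,
# protocol "all"), i.e. the rule the answer refers to as line 8.
# Reads the chain listing on stdin; prints 0 if no such rule exists.
catchall_drop_pkts() {
  awk '$4 == "DROP" && $5 == "all" { pkts = $2 } END { print pkts + 0 }'
}

# Difference between two counter readings taken some seconds apart.
# $1 = counter before, $2 = counter after
count_delta() {
  echo $(( $2 - $1 ))
}

# On the real host, as root, the check looks like this:
#   before=$(iptables -nvxL INPUT --line-numbers | catchall_drop_pkts)
#   sleep 10
#   after=$(iptables -nvxL INPUT --line-numbers | catchall_drop_pkts)
#   echo "dropped by catch-all rule in 10s: $(count_delta "$before" "$after")"
# A counter that climbs in step with the packets tcpdump shows means the
# firewall is doing its job; the lag is the link filling up, not a rule gap.
#
# Here the parser runs against the constructed sample instead:
printf '%s\n' "$SAMPLE_INPUT_CHAIN" | catchall_drop_pkts
```

If you want the matches visible in the kernel log as well, a rate-limited LOG rule inserted just before the catch-all DROP (position 3 in the listing above) does that without changing what gets dropped: `iptables -I INPUT 3 -p udp --dport 27015 -m limit --limit 5/min -j LOG --log-prefix "udp27015: "`. The limit match keeps a flood from filling syslog.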

Attribution
Source: Link, Question Author: rez, Answer Author: Nikita Kipriyanov