And last fix is about bruteforce so rcon cant be used.
From Aluigi
"The Quake 3 engine uses an anti-brute forcing mechanism which tells the
engine to process only one rcon command each half second, and it's not
important if a valid admin sends a valid rcon command because if it's
arrived after another invalid command send by another IP within the
same half-second, it will be dropped.
In short if an attacker sends more than 2 packets per second the RCON service
will become unavailable for the valid remote admin.
That's caused by an anti brute-forcing check which drops all the packets arrived
within half second from the previous one.
http://aluigi.altervista.org/patches/q3rconz.lpatch