iptables -A INPUT -p udp -m length --length 278:428 -j DROP
This blocks all incoming udp packets with a size between 278 bytes and 428 bytes. size here means the size of the ip packet including the ip and udp header. (ip header size = 20 bytes, udp header size = 8 bytes, so you have to substract 28 from the interval to get the actual size of the payload that udp packets get blocked for).
This will block all udp packets, so if you have other stuff running on your server that have udp packets with that size, they'll get blocked too.
"length" is commonly equal to "bytes" (or: the length is specified in bytes) when talking about network packets.
CS2D tries to keep UDP packet sizes below the MTU Ethernet v2 size (http://en.wikipedia.org/wiki/Maximum_transmission_unit) which is 1500 bytes.
Actually in most cases it will even try to keep the packet payload size under 1000 bytes (plain payload size, excluding headers).
So discarding packets with a size > 1500 (raw size, including headers) should be safe.
CS2D itself automatically ignores all packets with a payload size (headers excluded) of >= 5000 bytes.
Take care of other stuff running on your server though! It might be a good idea to limit the rule to the port(s) you are using for CS2D servers.
Also CS2D never sends completely empty UDP packets. So it's recommended to block these with
1
iptables -A INPUT -p udp -m length --length 0:28 -j DROP
This blocks all UDP packets with a size <= 28 bytes. Those are packets consisting just of an ip/udp header without any actual payload or simply strange bogus packets. Before using this rule make sure that you are not running any services on your system which have to be able to receive empty UDP packets (quite unlikely but not impossible) or limit the rule to port(s) you are using for CS2D servers.
It's not just the size that makes the server crash.
It depends on the content as well. You can't filter them easily.
I don't know which content leads to a crash, otherwise I would fix it.