[MUST SEE] Anti Ddos
Posted: Sun Jan 02, 2011 2:21 am
L2J Revision: latest
L2JDP Revision: latest
Hi everyone. I am trying to add DDoS protection (iptables) to the login server, but I need some help. Please help me get it working.
anti_ddos.sh
loginserver.properties
Config.java
RequestAuthLogin.java
L2JDP Revision: latest
Hi everyone. I am trying to add DDoS protection (iptables) to the login server, but I need some help. Please help me get it working.

anti_ddos.sh
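#!/bin/sh
# anti_ddos.sh - iptables INPUT/OUTPUT rules for the host running the
# login server (port 2106) and the port 7777 service.
#
# Caveats for whoever deploys this:
#   * Nothing is flushed first. Every run appends/inserts the whole set
#     again, so running the script twice duplicates each rule.
#   * There is no connection-tracking (ESTABLISHED,RELATED) rule. Reply
#     traffic is admitted by source port instead (last group below). The
#     sender chooses the source port, so those rules are weaker than a
#     state match and deserve a review before production use.
#   * Port 7777 is dropped for every source by this script; the login
#     server patch posted with it adds per-address ACCEPT rules at runtime,
#     and those only work if they land above the DROP rule.

IPT=/sbin/iptables
UNPRIPORTS="1024:65535"
INET_IFACE="eth0"

# Loopback in both directions, and everything outbound on eth0.
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
$IPT -A OUTPUT -o eth0 -j ACCEPT

# Inbound services that are open to every source.
$IPT -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp -m tcp --dport 2106 -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --dport 7000 -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT

# NOTE(review): source 127.0.0.1 on eth0 is not expected to match normal
# traffic (loopback traffic arrives on lo, accepted above), so this rule
# most likely never fires; port 3306 then falls through to the DROP policy.
$IPT -A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT -s 127.0.0.1

# Port 7777 is closed by default.
$IPT -A INPUT -i eth0 -p tcp -m tcp --dport 7777 -j DROP

# -I inserts at the head of INPUT, so these two per-source connection
# limits are evaluated before every -A rule in this script. After both
# commands the 7777 limit is rule 1 and the 2106 limit is rule 2.
$IPT -I INPUT -i eth0 -p tcp --dport 2106 -m connlimit --connlimit-above 2 -j DROP
$IPT -I INPUT -i eth0 -p tcp --dport 7777 -m connlimit --connlimit-above 5 -j DROP

# All ICMP on eth0, then SMTP (25) and POP3 (110).
$IPT -A INPUT -p icmp -i eth0 -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --dport 110 -j ACCEPT

# Any remaining new TCP connection attempt (SYN set, FIN and ACK clear) is
# rejected here, before the source-port rules below are reached.
$IPT -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,ACK SYN -j REJECT --reject-with icmp-port-unreachable

# NOTE(review): this rule has no -j target, so it only counts packets.
# Echo requests on eth0 are already accepted by the ICMP rule above.
$IPT -A INPUT -p icmp --icmp-type 8 -s 0/0

# Replies to outbound connections, matched by source port: DNS (53),
# FTP control (21), HTTP/HTTPS (80,443) and SMTP (25).
$IPT -A INPUT -p udp -m udp -i $INET_IFACE --dport $UNPRIPORTS --sport 53 -j ACCEPT
# Fixed: the range here was written 1024:65353, a transposition of the
# 1024:65535 range that every neighbouring rule takes from UNPRIPORTS.
$IPT -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 53 -j ACCEPT
$IPT -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 21 -j ACCEPT ! --syn
$IPT -A INPUT -p tcp -m tcp -m multiport -i $INET_IFACE --dport $UNPRIPORTS -j ACCEPT --sports 80,443 ! --syn
$IPT -A INPUT -p tcp -m tcp -i $INET_IFACE --dport $UNPRIPORTS --sport 25 -j ACCEPT

# Default policies are set last: drop unmatched inbound, allow outbound.
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT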
@@ -94,2 +94,10 @@
 Assert = False
 Developer = False
+
+# ---------------------------------------------------------------------------
+# Anti Ddos
+# ---------------------------------------------------------------------------
+
+# EnableDdosProSystem = True
+# Deny_noallow_ip_ddos = /sbin/iptables -I INPUT 13 -p tcp --dport 7777 -s $IP -j ACCEPT
+# Fulllog_mode_print = false
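Review bot: The sample value hard-codes rule position 13 (`-I INPUT 13`), which is only right for one exact layout of the INPUT chain. With the anti_ddos.sh posted above, and assuming the chain starts empty, the blanket `--dport 7777 -j DROP` ends up at about position 9 (two `-I` rules plus six `-A` rules ahead of it), so an ACCEPT inserted at 13 would sit below the DROP and never match. The value also differs from the default compiled into Config.java, which has no position, and all three keys are commented out, so the server would run on the defaults rather than on these values. I would state the ordering requirement next to the key, e.g. `# The rule must be inserted above the port 7777 DROP rule; adjust the position to your ruleset`.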
+ public static boolean ENABLE_DDOS_PROTECTION_SYSTEM;
+ public static boolean ENABLE_DEBUG_DDOS_PROTECTION_SYSTEM;
+ public static String DDOS_COMMAND_BLOCK;
 // --------------------------------------------------
 // MMO Settings
@@ -3548,5 +3553,9 @@
 LOGIN_ATTEMPT_CHECK_ENABLE = getBoolean(properties, override, "EnableLoginAttemptInfo", false);
- 
+
+ ENABLE_DDOS_PROTECTION_SYSTEM = getBoolean(properties, override,"EnableDdosProSystem", false);
+ DDOS_COMMAND_BLOCK = getString(properties, override, "Deny_noallow_ip_ddos", "/sbin/iptables -I INPUT -p tcp --dport 7777 -s $IP -j ACCEPT");
+ ENABLE_DEBUG_DDOS_PROTECTION_SYSTEM = getBoolean(properties, override, "Fulllog_mode_print", false);
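Review bot: The compiled-in default for `Deny_noallow_ip_ddos` uses `-I INPUT` with no position, so each rule goes to the head of the chain, above the `connlimit` rules that anti_ddos.sh inserts for ports 2106 and 7777. An address that has logged in once would then no longer be subject to the per-source connection limit on 7777, which is probably not intended. The setting is also a complete command line that the login server executes, so anyone who can edit the properties file decides what runs with the server's privileges; keeping only the port or chain name in configuration and building the argument list in code would narrow that. A comment on the field such as `// Command template executed after a successful login; $IP is replaced with the client address` would make this visible to the next reader. The enclosing method starts and ends outside the hunk.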
@@ -112,4 +112,15 @@
 LoginController lc = LoginController.getInstance();
 L2LoginClient client = getClient();
+ 
+ InetAddress address = getClient().getConnection().getInetAddress();
+ if(address == null) 
+ {
+ _log.warning("Socket is not connected: " + client.getAccount());
+ client.close();
+ return;
+ }
+ String addhost = address.getHostAddress();
 try
 {
@@ -129,4 +140,20 @@
 getClient().sendPacket(new ServerList(getClient()));
 }
+ if(Config.ENABLE_DDOS_PROTECTION_SYSTEM) {
+ String deny_comms = Config.DDOS_COMMAND_BLOCK;
+ deny_comms = deny_comms.replace("$IP", addhost);
+ try {
+ Runtime.getRuntime().exec(deny_comms);
+ if(Config.ENABLE_DEBUG_DDOS_PROTECTION_SYSTEM) {
+ System.out.println("Accepted IP access GS by "+addhost);
+ System.out.println("Command is"+deny_comms);
+ }
+ } catch(Exception e) {
+ System.out.println("Accepts by ip "+addhost+" no allowed");
+ System.out.println("Command is"+deny_comms); 
+ }
+ }
 break;
 case INVALID_PASSWORD:
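Review bot: The address lookup and the `client.close()` on a null address run for every login attempt, whether or not `Config.ENABLE_DDOS_PROTECTION_SYSTEM` is set, so the patch changes login handling even with the feature switched off. Moving the lookup inside the feature check would leave the default path as it was. The warning logs `client.getAccount()`, which is presumably not populated this early in the handler, and the first added line calls `getClient()` again although `client` is already in scope: `InetAddress address = client.getConnection().getInetAddress();`. The enclosing method starts and ends outside the hunk.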
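Review bot: The `Process` returned by `Runtime.getRuntime().exec(deny_comms)` is discarded, so a non-zero exit from iptables is never seen, the debug branch reports the address as accepted even when no rule was added, and the child's streams are never closed. `exec(String)` splits the substituted string on whitespace, so I would split the template first, substitute `$IP` per argument, start it with `ProcessBuilder` and check the exit status, as sketched below. A rule is inserted on every successful login and never removed, so the chain grows with repeated logins and an address stays allowed after the session ends; a duplicate check (`iptables -C`) or a set with timeouts would bound that. Waiting for the child blocks the packet handler, so the call probably belongs on a worker thread. The switch this case belongs to starts and ends outside the hunk.

```java
if (Config.ENABLE_DDOS_PROTECTION_SYSTEM)
{
	// Split the template before substituting so the address is always exactly one argument.
	String[] argv = Config.DDOS_COMMAND_BLOCK.trim().split("\\s+");
	for (int i = 0; i < argv.length; i++)
	{
		argv[i] = argv[i].replace("$IP", addhost);
	}
	try
	{
		Process proc = new ProcessBuilder(argv).redirectErrorStream(true).start();
		proc.getOutputStream().close();
		InputStream out = proc.getInputStream();
		try
		{
			while (out.read() != -1)
			{
				// drain so the child cannot block on a full pipe
			}
		}
		finally
		{
			out.close();
		}
		int rc = proc.waitFor();
		if (rc != 0)
		{
			_log.warning("Firewall command exited with " + rc + " for " + addhost);
		}
		else if (Config.ENABLE_DEBUG_DDOS_PROTECTION_SYSTEM)
		{
			_log.info("Firewall rule added for " + addhost);
		}
	}
	catch (IOException e)
	{
		_log.warning("Could not run firewall command for " + addhost + ": " + e);
	}
	catch (InterruptedException e)
	{
		// keep the interrupt visible to the caller
		Thread.currentThread().interrupt();
	}
}
// … unchanged: break; case INVALID_PASSWORD …
```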