Created
February 20, 2016 13:35
-
-
Save Saren-Arterius/5c44cf3b30d632af6842 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# This script should be run by a Minecraft server | |
# Notice: You will NOT be able to connect ddos.protected-server.domain from the same | |
# public IP address as vulnerable-minecraft-server.domain has. I have wasted at least | |
# 8 hours then found out that. | |
REMOTE_DOMAIN="ddos.protected-server.domain" | |
PROTECTOR_PORT=8080 | |
PROTECTED_PORT=25565 | |
echo Fetching IPs... | |
PROTECTOR_IP=$(dig ${REMOTE_DOMAIN} | grep ${REMOTE_DOMAIN} | awk 'FNR == 3 {print $5}') | |
PROTECTED_IP=$(ip a | grep inet | awk 'FNR == 3 {print $2}' | sed 's/\/[0-9]\{1,\}//g') | |
echo Resetting... | |
sudo systemctl restart iptables | |
sudo modprobe -r ip_gre | |
sudo ip rule del pref 32765 | |
echo Setting up... | |
sudo iptables -I INPUT -p gre -s $PROTECTOR_IP -j ACCEPT | |
sudo ip tunnel add gre1 mode gre local $PROTECTED_IP remote $PROTECTOR_IP ttl 255 | |
sudo ip addr add 192.168.168.2/24 dev gre1 | |
sudo ip link set gre1 up | |
sudo ip rule add from 192.168.168.0/24 table MINECRAFT | |
sudo ip route add default via 192.168.168.1 table MINECRAFT | |
sudo iptables -A TCP -m tcp -p tcp -i gre1 -d 192.168.168.0/24 --dport $PROTECTED_PORT -j ACCEPT | |
echo Testing... | |
echo | |
echo Expected: connect success | |
LANG=en_US.UTF-8 curl http://google.com --interface 192.168.168.2 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment