EOSIO public node DoS protection (per-source iptables hashlimit rules, installed as a netfilter-persistent plugin)
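# Per-source rate limits for an EOSIO public node: HTTP API on 80/443 and
# P2P on 9000-9999, enforced with the iptables hashlimit match and installed
# as a netfilter-persistent plugin so the rules come back after a reboot.
#
# Operator notes:
#  - IPv4 only. If nodeos also listens on IPv6 the same rules are needed in
#    ip6tables, otherwise v6 traffic is not limited at all.
#  - Limits are keyed on the source /32. Clients behind a shared NAT share
#    one bucket and are dropped together once it is exceeded; no
#    --hashlimit-burst is given, so the iptables default (5) applies.
#    Tune the rates to real traffic before exposing the node.
#  - eosio-api counts every TCP packet to 80/443 (ACKs of established
#    sessions included), not just requests.
#  - If you later run "netfilter-persistent save", the stock ip4tables
#    plugin captures these chains into /etc/iptables/rules.v4 as well;
#    "start" below is idempotent, so the restore plus this plugin do not
#    double the rules, but remember the copy in rules.v4 when editing.
apt install iptables-persistent
cat >/usr/share/netfilter-persistent/plugins.d/ddos <<'EOT'
#!/bin/sh
# netfilter-persistent plugin: per-source rate limits for an EOSIO node.
# Actions (passed as $1 by netfilter-persistent):
#   start       install chains and rules (idempotent)
#   stop|flush  remove rules and chains (silent if already gone)
#   save        no-op: rules are rebuilt on every start, nothing to persist

# Source that bypasses every limit. The ACCEPT is unconditional for all
# protocols and ports from this address -- presumably the operator's own
# monitoring or peer host; confirm before reusing this script elsewhere.
TRUSTED_SRC=212.32.241.250/32

# Create a user chain only if it does not exist yet (a second "start" or a
# rules.v4 restore that already contains the chain would otherwise make
# "iptables -N" fail).
ensure_chain() {
  iptables -nL "$1" >/dev/null 2>&1 || iptables -N "$1"
}

# Append a rule to a chain unless an identical rule is already present, so
# repeated "start" calls never duplicate rules in INPUT.
add_rule() {
  chain=$1
  shift
  iptables -C "$chain" "$@" 2>/dev/null || iptables -A "$chain" "$@"
}

# Delete a rule; succeed quietly if it is already gone.
del_rule() {
  chain=$1
  shift
  iptables -D "$chain" "$@" 2>/dev/null || true
}

case $1 in
start)
  ensure_chain eosio-api
  ensure_chain eosio-apisyn
  ensure_chain eosio-p2p
  # Per-source limits; the counters can be inspected in
  # /proc/net/ipt_hashlimit/<hashlimit-name>.
  add_rule eosio-api    -m hashlimit --hashlimit-above 200/sec --hashlimit-mode srcip --hashlimit-name api_hash    -j DROP
  add_rule eosio-apisyn -m hashlimit --hashlimit-above 10/sec  --hashlimit-mode srcip --hashlimit-name apisyn_hash -j DROP
  add_rule eosio-p2p    -m hashlimit --hashlimit-above 10/min  --hashlimit-mode srcip --hashlimit-name p2p_hash    -j DROP
  # Trusted source first so it is exempt from all limits below. Placed
  # after the p2p jump it would still be subject to the p2p SYN limit.
  add_rule INPUT -s "$TRUSTED_SRC" -j ACCEPT
  # SYN limits match new connections only (SYN set, FIN/RST/ACK clear).
  add_rule INPUT -p tcp -m tcp --dport 9000:9999 --tcp-flags FIN,SYN,RST,ACK SYN -j eosio-p2p
  add_rule INPUT -p tcp -m tcp --dport 80  --tcp-flags FIN,SYN,RST,ACK SYN -j eosio-apisyn
  add_rule INPUT -p tcp -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -j eosio-apisyn
  # Packet limit on everything reaching the API ports.
  add_rule INPUT -p tcp -m tcp --dport 80  -j eosio-api
  add_rule INPUT -p tcp -m tcp --dport 443 -j eosio-api
  ;;
stop|flush)
  del_rule INPUT -p tcp -m tcp --dport 80  --tcp-flags FIN,SYN,RST,ACK SYN -j eosio-apisyn
  del_rule INPUT -p tcp -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -j eosio-apisyn
  del_rule INPUT -p tcp -m tcp --dport 80  -j eosio-api
  del_rule INPUT -p tcp -m tcp --dport 443 -j eosio-api
  del_rule INPUT -s "$TRUSTED_SRC" -j ACCEPT
  del_rule INPUT -p tcp -m tcp --dport 9000:9999 --tcp-flags FIN,SYN,RST,ACK SYN -j eosio-p2p
  # Flush and delete the user chains. -X only works once the INPUT jumps
  # above are gone; leaving an empty chain behind would not break anything
  # but makes the next "start" noisier.
  for c in eosio-api eosio-apisyn eosio-p2p; do
    iptables -F "$c" 2>/dev/null && iptables -X "$c" 2>/dev/null
  done
  ;;
save)
  # Nothing to persist: rules are recreated by "start".
  ;;
esac
# Do not let the status of the last iptables call (which may legitimately
# fail on a repeated stop) become the plugin's exit status.
exit 0
EOT
chmod u+x /usr/share/netfilter-persistent/plugins.d/ddos
/usr/share/netfilter-persistent/plugins.d/ddos start
## To change the limits later: flush, edit the plugin, start again.
## (Kept as comments on purpose: an unconditional flush right after the
## start above would leave the node unprotected if this file is run as-is.)
##   /usr/share/netfilter-persistent/plugins.d/ddos flush
##   $EDITOR /usr/share/netfilter-persistent/plugins.d/ddos
##   /usr/share/netfilter-persistent/plugins.d/ddos start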