防火墙Mod-Linux(实验性)
static/image/hrline/1.gif
作者:LordPanic
操作系统:Linux-Debian 12
static/image/hrline/1.gif
简介(作者原文简译):
警告:此mod仍处于试验阶段,不要在LIVE服务器上使用它。
这是我的一个旧mod,我放弃了它,因为它有很多风险,但我决定出于“教育”目的分享它,希望你们能提供一些见解和帮助,使其能够正常运行和安全运行。
这个mod背后的想法是为主机提供额外的保护层,以防止DDOS攻击。
当DDOS发生--->触发锁定机制只允许在游戏(玩家)IP中并阻止所有未知流量。
将所有游戏玩家置于“隔离区”将导致问题“在封锁期间不在线的玩家如何将他们的IP添加到白名单中?”。我的临时解决方案是通过添加机器人命令将其与不和谐机器人结合起来,例如:!addIP127.0.0.1或在您的网站(用户CP)中添加选项“允许我的ip”,它可以是按钮或其他任何东西。如果不和谐,机器人命令必须发送到机器人本身,而不是在频道中(显然)。仍然提供您的IP对许多人来说是很重要的(我不怪他们)。如果你们有更好的想法,非常欢迎在这里分享。
显然这是我想法背后的理论。我甚至不确定这是否可能,但这就是为什么我和你们分享了它。它可能对许多服务器所有者有用。
package net.sf.l2j.gameserver.mods.firewall;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import net.sf.l2j.commons.logging.CLogger;
import net.sf.l2j.gameserver.model.World;
import net.sf.l2j.gameserver.model.actor.Player;
/**
* @author LordPanic
*/
public class FirewallManager
{
private static final CLogger LOGGER = new CLogger(FirewallManager.class.getName());
private Map<Integer, String> _playerIps = new ConcurrentHashMap<>();
private boolean islocdownActive = false;
private static final String IPTABLES_PATH = "/usr/sbin/iptables";
public static void allowIP(String ipAddress)
{
runCommand("-A INPUT -s " + ipAddress + " -j ACCEPT");
}
public static void allowIPRange(String ipRange)
{
runCommand("-A INPUT -s " + ipRange + " -j ACCEPT");
}
public static void allowOutputToIP(String ipAddress)
{
runCommand("-A OUTPUT -d " + ipAddress + " -p tcp -m multiport --dports 2106,7777,9014 -j ACCEPT");
}
public static void allowInputFromIP(String ipAddress)
{
runCommand("-A INPUT -s " + ipAddress + " -p tcp -m multiport --sports 2106,7777,9014 -m state --state ESTABLISHED -j ACCEPT");
}
public static void limitUnknownConnections()
{
runCommand("-I INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit " + 3 + "/second --limit-burst " + 3 + " -j DROP");
runCommand("-I INPUT -p udp -m limit --limit " + 3 + "/second --limit-burst " + 3 + " -j DROP");
}
public static void dropAllIncoming()
{
runCommand("-A INPUT -j DROP");
}
public void clearRules()
{
runCommand("-F");
runCommand("-P INPUT ACCEPT");
runCommand("-P OUTPUT ACCEPT");
runCommand("-P FORWARD ACCEPT");
runCommand("-D INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit " + 3 + "/second --limit-burst " + 3 + " -j ACCEPT");
runCommand("-D INPUT -p udp -m limit --limit " + 3 + "/second --limit-burst " + 3 + " -j ACCEPT");
setIsLocdown(false);
}
public void startLocDown()
{
for (Player player : World.getInstance().getPlayers())
{
String ip = player.getClient().getConnection().getInetAddress().getHostAddress();
allowIP(ip);
_playerIps.put(player.getObjectId(), ip);
}
setIsLocdown(true);
limitUnknownConnections();
dropAllIncoming();
}
private static void runCommand(String command)
{
try
{
List<String> cmd = new ArrayList<>();
cmd.add("sudo");
cmd.add(IPTABLES_PATH);
String[] parts = command.split(" ");
for (String part : parts)
{
cmd.add(part);
}
ProcessBuilder pb = new ProcessBuilder(cmd);
Process process = pb.start();
int exitCode = process.waitFor();
if (exitCode == 0)
{
LOGGER.info("Command executed successfully.");
}
else
{
LOGGER.error("Command execution failed with exit code: " + exitCode);
}
}
catch (Exception e)
{
LOGGER.error("Something else (error).", e);
}
}
public void checkSudoPermissions()
{
try
{
String[] cmd =
{
"/bin/sh",
"-c",
"sudo ls /tmp"
};
Process p = Runtime.getRuntime().exec(cmd);
BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line;
while ((line = reader.readLine()) != null)
{
LOGGER.info(line);
}
}
catch (Exception e)
{
LOGGER.info(e);
}
}
public static FirewallManager getInstance()
{
return SingletonHolder.INSTANCE;
}
public boolean isIslocdownActive()
{
return islocdownActive;
}
public void setIsLocdown(boolean islocdownActive)
{
this.islocdownActive = islocdownActive;
}
private static class SingletonHolder
{
protected static final FirewallManager INSTANCE = new FirewallManager();
}
}代码网盘免费下载
https://l2fater.lanzouj.com/iRD2n2a6mxcb
页:
[1]