This repository contains an nftables configuration file with rules for protecting a Minecraft server from DDoS attacks. The configuration includes layer 7 filtering and specific rules for blocking common types of DDoS attacks, such as fake sessions, query floods, and bot attacks.
- An
nftables-compatible firewall - A Minecraft server running on port 25565
To use this nftables configuration, follow these steps:
- Clone or download this repository to your server.
- Open the
nftables.conffile in a text editor. - Review the rules and adjust any settings as needed, such as the IP addresses and port numbers.
- Save the
nftables.conffile. - Run the
nftables-applycommand to apply the configuration to your firewall.
Once the configuration is applied, incoming and outgoing connections to the Minecraft server on port 25565 will be allowed, while malicious connections that use fake sessions, query floods, or bot attacks will be blocked. Additionally, the configuration includes filtering for IP addresses and port numbers, as well as rate limiting for incoming and outgoing connections.
If you encounter any issues with the nftables configuration, you can try the following steps to troubleshoot and resolve the problem:
- Check the
nftableslogs for any error messages or warnings. - Review the rules in the
nftables.conffile to ensure they are correct and up-to-date. - Try disabling or adjusting the rate limiting rules to see if they are causing any issues.
- If the problem persists, you can try restoring the default
nftablesconfiguration and reapplying the rules from this repository.
Contributions to this nftables configuration are welcome. If you have any suggestions for improvements or additional rules, you can open a pull request with your changes.
This nftables configuration is released under the MIT license.