---
title: Minecraft Anti-DDoS Solution
description: This is a note with some useful information and practices for anti-DDoS protection of a Minecraft server.
---

Minecraft Anti-DDoS Solution Notes
===

## What is a DDoS attack?

> A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.[name=Cloudflare - What is a DDoS attack?]

## HAProxy + Waterfall(BungeeCord) / Velocity Proxy

- [Deploy a simple Minecraft proxy server (@shikendon)](https://gist.github.com/shikendon/f2ce4b96c89fa3f5d6af1d6f67e4e00a)

## HAProxy + go-mmproxy

- https://blog.path.net/introducing-go-mmproxy/
- [go-mmproxy](https://github.com/path-network/go-mmproxy)

### configs

:::spoiler `/etc/haproxy/haproxy.cfg`
```cfg
listen minecraft
    bind :25565
    mode tcp
    balance leastconn
    option tcp-check
    # send-proxy-v2 prepends a PROXY protocol v2 header so the backend
    # (go-mmproxy on port 25567) learns the real client address
    server minecraft-backend 2.3.4.5:25567 send-proxy-v2
```
:::

:::spoiler `/usr/share/path-prefixes.txt`
```
1.2.3.0/24
```
:::

:::spoiler `/etc/systemd/system/go-mmproxy.service`
```ini
[Unit]
Description=go-mmproxy
After=network.target

[Service]
Type=simple
LimitNOFILE=65535
# Route replies to the spoofed client addresses back through loopback
ExecStartPost=/sbin/ip rule add from 127.0.0.1/8 iif lo table 100
ExecStartPost=/sbin/ip route add local 0.0.0.0/0 dev lo table 100
# Accept PROXY protocol on :25567 only from the listed subnets, forward to the Minecraft server on 127.0.0.1:25565
ExecStart=/usr/bin/go-mmproxy -4 127.0.0.1:25565 -l 0.0.0.0:25567 -allowed-subnets "/usr/share/path-prefixes.txt"
ExecStopPost=/sbin/ip rule del from 127.0.0.1/8 iif lo table 100
ExecStopPost=/sbin/ip route del local 0.0.0.0/0 dev lo table 100
Restart=on-failure
RestartSec=10s

[Install]
WantedBy=multi-user.target
```
:::

## ZeroTier SD-WAN solution for small group

## Cloudflare ZTNA and SSO setup

## Reference

- https://gist.github.com/shikendon/8d85fe5ca1ca2ad5c6eb848139f71681
- [Don’t underestimate the power of **iptables**!](https://javapipe.com/blog/iptables-ddos-protection/)
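
Why the `-allowed-subnets` file in the HAProxy + go-mmproxy setup matters: the PROXY protocol v2 header that `send-proxy-v2` prepends is unauthenticated, so whatever listens on port 25567 should trust it only when the TCP peer is inside the HAProxy prefixes. The Go example below is added here and is not go-mmproxy's own code; the function names (`peerAllowed`, `clientAddr`, `sampleHeader`) and the sample header are constructed for illustration, and only TCP over IPv4 is handled.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"net"
)

// sigV2 is the 12-byte signature that opens every PROXY protocol v2 header.
var sigV2 = []byte("\r\n\r\n\x00\r\nQUIT\n")

// peerAllowed checks the TCP peer against CIDR lines such as path-prefixes.txt.
func peerAllowed(peer net.IP, prefixes []string) bool {
	for _, p := range prefixes {
		if _, n, err := net.ParseCIDR(p); err == nil && n.Contains(peer) {
			return true
		}
	}
	return false
}

// clientAddr returns the player address from a v2 header (TCP over IPv4 only)
// and refuses to read the header when the peer is not an allowed proxy.
func clientAddr(peer net.IP, prefixes []string, b []byte) (*net.TCPAddr, error) {
	if !peerAllowed(peer, prefixes) {
		return nil, fmt.Errorf("peer %s is not an allowed proxy", peer)
	}
	if len(b) < 16 || !bytes.Equal(b[:12], sigV2) || b[12] != 0x21 || b[13] != 0x11 {
		return nil, fmt.Errorf("not a PROXY v2 header for TCP over IPv4")
	}
	if n := int(binary.BigEndian.Uint16(b[14:16])); n < 12 || len(b) < 16+n {
		return nil, fmt.Errorf("truncated address block")
	}
	// Address block: src IP (4), dst IP (4), src port (2), dst port (2).
	ip := net.IPv4(b[16], b[17], b[18], b[19])
	return &net.TCPAddr{IP: ip, Port: int(binary.BigEndian.Uint16(b[24:26]))}, nil
}

// sampleHeader is constructed, not captured: 203.0.113.7:50000 -> 1.2.3.4:25565.
func sampleHeader() []byte {
	return append(append([]byte{}, sigV2...),
		0x21, 0x11, 0x00, 0x0c, 203, 0, 113, 7, 1, 2, 3, 4, 0xc3, 0x50, 0x63, 0xdd)
}

func main() {
	for _, peer := range []string{"1.2.3.4", "198.51.100.9"} {
		fmt.Println(clientAddr(net.ParseIP(peer), []string{"1.2.3.0/24"}, sampleHeader()))
	}
}
```
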