Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Filter traffic through GRE tunnel
New on LowEndTalk? Please Register and read our Community Rules.

Filter traffic through GRE tunnel

Hi all,

Quick question, got a VPS with DDoS protection protecting another VPS with no protection so I've made a GRE tunnel between these two.

Now all traffic is being forwarded but some malicious traffic bypassing the provider filtering is being forwarded as well, still downing the server on the other end of the tunnel.

tcpdump clearly shows the attack which consists of invalid length UDP packets:

12:35:49.912843 IP 88.x.x.x > 51.x.x.x: GREv0, length 42: IP > UDP, length 10
12:35:49.913615 IP 51.x.x.x > 88.x.x.x: GREv0, length 46: IP 95.x.x.x.2248 > UDP, length 14
12:35:49.919516 IP 51.x.x.x > 88.x.x.x: GREv0, length 46: IP 129.x.x.x.59212 > UDP, length 14

Now I can easily drop the traffic on the destination VPS since it's not a lot of traffic:

iptables -A PREROUTING -t raw -p udp --dport 27015:27030 -m length --length 0:32 -j DROP

works fine...

But idealy I want to drop the traffic before it enters the tunnel. Any idea how to do that?


Sign In or Register to comment.