Filter traffic through GRE tunnel
Hi all,
Quick question, got a VPS with DDoS protection protecting another VPS with no protection so I've made a GRE tunnel between these two.
Now all traffic is being forwarded but some malicious traffic bypassing the provider filtering is being forwarded as well, still downing the server on the other end of the tunnel.
tcpdump clearly shows the attack which consists of invalid length UDP packets:
12:35:49.912843 IP 88.x.x.x > 51.x.x.x: GREv0, length 42: IP 10.0.0.2.27015 > 94.230.83.243.7030: UDP, length 10
12:35:49.913615 IP 51.x.x.x > 88.x.x.x: GREv0, length 46: IP 95.x.x.x.2248 > 10.0.0.2.27015: UDP, length 14
12:35:49.919516 IP 51.x.x.x > 88.x.x.x: GREv0, length 46: IP 129.x.x.x.59212 > 10.0.0.2.27015: UDP, length 14
Now I can easily drop the traffic on the destination VPS since it's not a lot of traffic:
iptables -A PREROUTING -t raw -p udp --dport 27015:27030 -m length --length 0:32 -j DROP
works fine...
But idealy I want to drop the traffic before it enters the tunnel. Any idea how to do that?
Thanks!
