Spoofing is a common exploit by malicious players to gain administrative permission in your bungeecord as detailed here. A standard solution to the problem is using IPTables. BloomManager has a configuration feature that automatically unifies new proxies in the IPTables rules of all dedicated servers. This protects the actual servers, such as hubs, instantiated by BloomManager from being accessed by clients outside your network.

This feature is recommended if you don't have another spoofing solution like BungeeGuard.

Setup

Verify iptables is installed by running the command iptables in terminal.

Afterward, set the BloomManager configuration value iptables: as true.

• You must have an existing iptables chain titled "bungee" before the proxy starts. This chain will be appended to with the IPs of other proxies in your network running BloomManager. An example start.sh for your proxy is below:

iptables -F #remove all existing rules
iptables -X #remove all existing chains
iptables -N bungee # create a new chain for bungee

iptables -A bungee --src 127.0.0.1 -j ACCEPT
#An example of the bungee iptables chain in use

# block anything not from the those IPs
iptables -A bungee -j DROP

# the ports affected by the above iptables rule (this should be the ports configured for use by BloomManager or any backend spigot minecraft servers)
iptables -I INPUT -m tcp -p tcp --dport 25566:28000 -j bungee
# etc
iptables-save
java -Xms1848M -Xmx1848M -XX:+UseG1GC -XX:G1HeapRegionSize=4M -XX:+UnlockExperimentalVMOptions -XX:+ParallelRefProcEnabled -XX:+AlwaysPreTouch -jar velocity-3.3.0-SNAPSHOT-413.jar