From 8ea1dcab976ac0469678f4b7e9cad65c47fb23c8 Mon Sep 17 00:00:00 2001
From: Stefatorus <stefanluciandeleanu@gmail.com>
Date: Sat, 30 Oct 2021 12:13:43 +0300
Subject: [PATCH] Major detection improvement

---
 Tools/firewall.sh    | 19 ++++++++++---------
 Tools/whitelister.sh |  2 +-
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/Tools/firewall.sh b/Tools/firewall.sh
index f6fb667..432b656 100644
--- a/Tools/firewall.sh
+++ b/Tools/firewall.sh
@@ -33,13 +33,13 @@ apt -y -qq install curl iptables-persistent ipset conntrack > /dev/null
 yum -y install curl iptables-service ipset-service conntrack > /dev/null
 echo "Installed required depends."
 # The port you want to protect. for ranges, use FROM:TO
-protect_port=20003
+protect_port=25565
 
 
 # Max graylisted connections per second. This can be higher, and ensures an attack won't be too high for the second pass firewall.
-graylist_verified=100
-graylist_unverified=15
-graylist_concurrent=3
+graylist_verified=8
+graylist_unverified=7
+graylist_concurrent=2
 
 # How many bytes before sending the player to the remote checker to check for info. Please don't change if you don't
 # know what you're doing as you may get yourself locked out of the API.
@@ -47,7 +47,7 @@ graylist_concurrent=3
 checker_minconn=26214400
 
 # MISC. THESE VALUES MAY CHANGE IN THE FUTURE
-target_chain=INPUT
+target_chain=DOCKER
 
 country_list="https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/"
 safety_list="https://api.entryrise.com/minewall/"
@@ -64,7 +64,7 @@ ipset destroy mw_graylist
 ipset destroy mw_whitelist
 ipset destroy mw_checklist
 
-ipset -N -! mw_blacklist hash:net maxelem 100000 timeout 300
+ipset -N -! mw_blacklist hash:net maxelem 100000 timeout 3600
 ipset -N -! mw_graylist hash:net maxelem 100000
 ipset -N -! mw_whitelist hash:net maxelem 100000
 ipset -N -! mw_checklist hash:net maxelem 30 timeout 300
@@ -76,7 +76,7 @@ for ip in $(curl -L $safety_list/{wireless,residential,business}.iplist); do
 done
  # Create the graylist of safer countries. It's really important for the base check.
  echo "Generating graylist for the firewall..."
- for ip in $(curl -L $country_list/{ro,hu,gb,au,dk,bg,ie,pt,gr}.cidr); do
+ for ip in $(curl -L $country_list/{gb,de,fr,ro}.cidr); do
   ipset -A mw_graylist $ip
  done
 
@@ -91,9 +91,10 @@ done
 iptables -A MineWall -p tcp --dport $protect_port -m set --match-set mw_whitelist src -j ACCEPT
 iptables -A MineWall -p tcp --dport $protect_port -m set --match-set mw_blacklist src -j DROP
 
-iptables -A MineWall -p tcp --dport $protect_port --syn -m set --match-set mw_graylist src -m limit --limit $graylist_verified/s -j ACCEPT
+iptables -A MineWall -p tcp --dport $protect_port --syn -m connlimit --connlimit-above $graylist_concurrent -j DROP
+
 iptables -A MineWall -p tcp --dport $protect_port --syn -m limit --limit $graylist_unverified/s -j ACCEPT
-iptables -A MineWall -p tcp --dport $protect_port --syn -m connlimit ! --connlimit-above $graylist_concurrent -j ACCEPT
+iptables -A MineWall -p tcp --dport $protect_port --syn -m set --match-set mw_graylist src -m limit --limit $graylist_verified/s -j ACCEPT
 
 iptables -A MineWall -p tcp --dport $protect_port --syn -j DROP
 
diff --git a/Tools/whitelister.sh b/Tools/whitelister.sh
index 2a611ad..bd2dd2f 100644
--- a/Tools/whitelister.sh
+++ b/Tools/whitelister.sh
@@ -5,7 +5,7 @@ safety_list="https://api.entryrise.com/minewall/"
 # Make sure to change protect port to your own protect port.
 # $6 > X means the packet count before validating user.
 # Recommending a value for X between 10k (~100 seconds) and 50k (~500 seconds) for validation)
-command_check=$(conntrack -L | awk '{if ($6 > 10000 && $4 == "ESTABLISHED" && $8 == "dport=20003") print $5}');
+command_check=$(conntrack -L | awk '{if ($6 > 300000 && $4 == "ESTABLISHED" && $8 == "dport=20003") print $5}');
 #command_check=$(conntrack -L | awk '{if ($6 > PACKETS_TO_WHITELIST && $4 == "CONNECTION FULLY RUNNING" && $8 == "dport=PORT OF SERVER") print $5}');
 
 echo "Updating blacklist for firewall."