MineWall is a Layer 7 mitigation toolset for protocol specifications like Minecraft.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

39 lines
1.1 KiB

#!/bin/bash
safety_list="https://api.entryrise.com/minewall/"
# Make sure to change protect port to your own protect port.
# $6 > X means the packet count before validating user.
# Recommending a value for X between 10k (~100 seconds) and 50k (~500 seconds) for validation)
command_check=$(conntrack -L | awk '{if ($6 > 10000 && $4 == "ESTABLISHED" && $8 == "dport=20003") print $5}');
#command_check=$(conntrack -L | awk '{if ($6 > PACKETS_TO_WHITELIST && $4 == "CONNECTION FULLY RUNNING" && $8 == "dport=PORT OF SERVER") print $5}');
echo "Updating blacklist for firewall."
for ip in $(curl -L $safety_list/{others}.iplist); do
ipset -A mw_blacklist $ip
done
echo "Updating whitelist for the firewall."
for ip in $(curl -L $safety_list/{wireless,residential,business}.iplist); do
ipset -A mw_whitelist $ip
done
echo "Sending actual players to remote database."
for data in $command_check; do
if [[ $data == "src="* ]]
then
curl -X POST -d 'ip='$(echo $data | cut -c 5-) $safety_list
fi
done
echo "Done"
#
#
#
#
#
# PUT THIS ON A CRONTAB TO RUN EACH 5 MINUTES!!!!