I have created this simple tool to reject connections from IP addresses before the server even processes the new connection. This may help mitigate DoS attacks.
Download - Releases · simon816/MCFirewall · GitHub
Source -GitHub - simon816/MCFirewall: Adds a firewall to your Minecraft server in case you can't use a system firewall
MCFirewall
Adds a firewall to your server in case you can’t use a system firewall. Using a system firewall is still recommended.
Supports:
- Forge
- Sponge Forge
- Sponge Vanilla
On loading, a firewall.txt
file is created in the root directory (where server.properties
is).
The format is a list of rules. Rules are processed in the order listed, first match wins.
Rules are given as an IP address range in CIDR notation. If a rule matches, the action is either to accept or reject.
Example firewall.txt:
# Allow loopback IP range
127.0.0.0/8 ALLOW
# Block everything else
0.0.0.0/0 BLOCK
ACCEPT and REJECT are also valid words.
Use /firewall reload
from server console or an opped player to reload the rules from the file.
Every connection attempt is logged in the server console (and log file).
In the event of a flood, the logger is rate limited:
If more than 5 messages are logged each less than 2 seconds apart, then no messages are logged for the next 10 seconds.