I have created this simple tool to reject connections from IP addresses before the server even processes the new connection. This may help mitigate DoS attacks.
Adds a firewall to your server in case you can’t use a system firewall. Using a system firewall is still recommended.
- Sponge Forge
- Sponge Vanilla
On loading, a
firewall.txt file is created in the root directory (where
The format is a list of rules. Rules are processed in the order listed, first match wins.
Rules are given as an IP address range in CIDR notation. If a rule matches, the action is either to accept or reject.
# Allow loopback IP range 127.0.0.0/8 ALLOW # Block everything else 0.0.0.0/0 BLOCK
ACCEPT and REJECT are also valid words.
/firewall reload from server console or an opped player to reload the rules from the file.
Every connection attempt is logged in the server console (and log file).
In the event of a flood, the logger is rate limited:
If more than 5 messages are logged each less than 2 seconds apart, then no messages are logged for the next 10 seconds.