mirror of
https://github.com/PaperMC/Waterfall.git
synced 2024-11-18 16:25:14 +01:00
Split Firewall System
This commit is contained in:
parent
3931f4bfac
commit
c5dc9c093c
@ -1,4 +1,4 @@
|
||||
From ed57b22b9bae1cabd74f9dd91ebe83389d6223ee Mon Sep 17 00:00:00 2001
|
||||
From 274f6347ded5b72104c30c9663912270b1c1b116 Mon Sep 17 00:00:00 2001
|
||||
From: Juan Cruz Linsalata <LinsaFTW@users.noreply.github.com>
|
||||
Date: Mon, 12 Oct 2020 15:40:53 -0300
|
||||
Subject: [PATCH] FlameCord General Patch
|
||||
@ -6,10 +6,10 @@ Subject: [PATCH] FlameCord General Patch
|
||||
|
||||
diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java
|
||||
new file mode 100644
|
||||
index 00000000..fd889644
|
||||
index 00000000..8957c79a
|
||||
--- /dev/null
|
||||
+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java
|
||||
@@ -0,0 +1,68 @@
|
||||
@@ -0,0 +1,42 @@
|
||||
+package dev._2lstudios.flamecord;
|
||||
+
|
||||
+import java.util.Collection;
|
||||
@ -18,7 +18,6 @@ index 00000000..fd889644
|
||||
+import dev._2lstudios.flamecord.configuration.FlameCordConfiguration;
|
||||
+import dev._2lstudios.flamecord.configuration.MessagesConfiguration;
|
||||
+import dev._2lstudios.flamecord.configuration.ModulesConfiguration;
|
||||
+import dev._2lstudios.flamecord.firewall.FirewallManager;
|
||||
+import lombok.Getter;
|
||||
+import net.md_5.bungee.config.ConfigurationProvider;
|
||||
+import net.md_5.bungee.config.YamlConfiguration;
|
||||
@ -27,15 +26,12 @@ index 00000000..fd889644
|
||||
+ @Getter
|
||||
+ private static FlameCord instance;
|
||||
+ @Getter
|
||||
+ private final FirewallManager firewallManager;
|
||||
+ @Getter
|
||||
+ private final FlameCordConfiguration flameCordConfiguration;
|
||||
+ @Getter
|
||||
+ private final ModulesConfiguration modulesConfiguration;
|
||||
+ @Getter
|
||||
+ private final MessagesConfiguration messagesConfiguration;
|
||||
+ @Getter
|
||||
+ private final Thread thread;
|
||||
+ private boolean running = true;
|
||||
+
|
||||
+ public static void renew(final Logger logger, final Collection<String> whitelistedAddresses) {
|
||||
@ -52,30 +48,8 @@ index 00000000..fd889644
|
||||
+ final ConfigurationProvider configurationProvider = ConfigurationProvider.getProvider(YamlConfiguration.class);
|
||||
+
|
||||
+ this.flameCordConfiguration = new FlameCordConfiguration(configurationProvider);
|
||||
+ this.firewallManager = new FirewallManager(logger, whitelistedAddresses,
|
||||
+ flameCordConfiguration.getFirewallSeconds());
|
||||
+ this.modulesConfiguration = new ModulesConfiguration(configurationProvider);
|
||||
+ this.messagesConfiguration = new MessagesConfiguration(logger, configurationProvider);
|
||||
+ this.thread = new Thread() {
|
||||
+ @Override
|
||||
+ public void run() {
|
||||
+ while (running) {
|
||||
+ try {
|
||||
+ sleep(1000L);
|
||||
+
|
||||
+ if (!running) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ firewallManager.tick();
|
||||
+ } catch (final Exception e) {
|
||||
+ // Ignored
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ };
|
||||
+
|
||||
+ this.thread.start();
|
||||
+ }
|
||||
+}
|
||||
\ No newline at end of file
|
||||
@ -402,168 +376,8 @@ index 00000000..e82c4844
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java
|
||||
new file mode 100644
|
||||
index 00000000..6a661898
|
||||
--- /dev/null
|
||||
+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java
|
||||
@@ -0,0 +1,30 @@
|
||||
+package dev._2lstudios.flamecord.firewall;
|
||||
+
|
||||
+import java.net.SocketAddress;
|
||||
+
|
||||
+public class FirewallException extends Exception {
|
||||
+ private static final long serialVersionUID = 1L;
|
||||
+
|
||||
+ public FirewallException(final SocketAddress address) {
|
||||
+ super("The address " + address + " is blocked from the server!");
|
||||
+ }
|
||||
+
|
||||
+ public FirewallException(final String string) {
|
||||
+ super(string);
|
||||
+ }
|
||||
+
|
||||
+ public FirewallException(final String string, final Throwable throwable) {
|
||||
+ super(string, throwable);
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public synchronized Throwable initCause(final Throwable cause)
|
||||
+ {
|
||||
+ return this;
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public synchronized Throwable fillInStackTrace() {
|
||||
+ return this;
|
||||
+ }
|
||||
+}
|
||||
\ No newline at end of file
|
||||
diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java
|
||||
new file mode 100644
|
||||
index 00000000..8a474758
|
||||
--- /dev/null
|
||||
+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java
|
||||
@@ -0,0 +1,116 @@
|
||||
+package dev._2lstudios.flamecord.firewall;
|
||||
+
|
||||
+import java.net.InetSocketAddress;
|
||||
+import java.net.SocketAddress;
|
||||
+import java.util.Collection;
|
||||
+import java.util.HashSet;
|
||||
+import java.util.logging.Logger;
|
||||
+
|
||||
+import dev._2lstudios.flamecord.FlameCord;
|
||||
+import dev._2lstudios.flamecord.configuration.FlameCordConfiguration;
|
||||
+import lombok.Getter;
|
||||
+
|
||||
+public class FirewallManager {
|
||||
+ private final Logger logger;
|
||||
+ private final Collection<String> whitelistedAddresses;
|
||||
+ private final Collection<String> firewalled;
|
||||
+ private final int defaultSeconds;
|
||||
+ @Getter
|
||||
+ private int seconds;
|
||||
+
|
||||
+ public FirewallManager(final Logger logger, final Collection<String> whitelistedAddresses,
|
||||
+ final int defaultSeconds) {
|
||||
+ this.logger = logger;
|
||||
+ this.whitelistedAddresses = whitelistedAddresses;
|
||||
+ this.firewalled = new HashSet<>();
|
||||
+ this.defaultSeconds = defaultSeconds;
|
||||
+ this.seconds = defaultSeconds;
|
||||
+ }
|
||||
+
|
||||
+ public boolean isWhitelisted(final SocketAddress address) {
|
||||
+ final String addressString = address.toString();
|
||||
+
|
||||
+ for (final String whitelistedAddressString : whitelistedAddresses) {
|
||||
+ if (addressString.endsWith(whitelistedAddressString)) {
|
||||
+ return true;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ public void addFirewalled(final SocketAddress address) {
|
||||
+ if (FlameCord.getInstance().getFlameCordConfiguration().isFirewallEnabled() && !isWhitelisted(address)) {
|
||||
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
|
||||
+ final String hostString = iNetSocketAddress.getHostString();
|
||||
+
|
||||
+ if (!this.firewalled.contains(hostString)) {
|
||||
+ this.firewalled.add(hostString);
|
||||
+ logAdded(address);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ public void logAdded(final SocketAddress address) {
|
||||
+ final FlameCord flameCord = FlameCord.getInstance();
|
||||
+ final FlameCordConfiguration flameCordConfiguration = flameCord.getFlameCordConfiguration();
|
||||
+
|
||||
+ if (flameCordConfiguration.isFirewallNotify()) {
|
||||
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
|
||||
+ final String hostString = iNetSocketAddress.getHostString();
|
||||
+
|
||||
+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_added", hostString));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ public void logBlocked(final SocketAddress address) {
|
||||
+ final FlameCord flameCord = FlameCord.getInstance();
|
||||
+ final FlameCordConfiguration flameCordConfiguration = flameCord.getFlameCordConfiguration();
|
||||
+
|
||||
+ if (flameCordConfiguration.isFirewallNotify()) {
|
||||
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
|
||||
+ final String hostString = iNetSocketAddress.getHostString();
|
||||
+
|
||||
+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_blocked", hostString));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ public Collection<String> getFirewalled() {
|
||||
+ return this.firewalled;
|
||||
+ }
|
||||
+
|
||||
+ public boolean isFirewalled(final SocketAddress address) {
|
||||
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
|
||||
+
|
||||
+ return this.firewalled.contains(iNetSocketAddress.getHostString());
|
||||
+ }
|
||||
+
|
||||
+ public boolean isFirewalled(final String name) {
|
||||
+ final String nameLowerCase = name.toLowerCase();
|
||||
+
|
||||
+ for (final String string : FlameCord.getInstance().getFlameCordConfiguration().getFirewallNames()) {
|
||||
+ if (nameLowerCase.contains(string)) {
|
||||
+ return true;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ public void tick() {
|
||||
+ if (--seconds <= 0) {
|
||||
+ final FlameCord flameCord = FlameCord.getInstance();
|
||||
+ final int size = this.firewalled.size();
|
||||
+
|
||||
+ if (size > 0) {
|
||||
+ if (flameCord.getFlameCordConfiguration().isFirewallNotify()) {
|
||||
+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_cleared", size));
|
||||
+ }
|
||||
+
|
||||
+ this.firewalled.clear();
|
||||
+ }
|
||||
+
|
||||
+ this.seconds = defaultSeconds;
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
\ No newline at end of file
|
||||
diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java
|
||||
index d4729244..dd089abd 100644
|
||||
index bb39d31b..5b6f1fd5 100644
|
||||
--- a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java
|
||||
+++ b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java
|
||||
@@ -1,5 +1,6 @@
|
||||
@ -591,10 +405,10 @@ index d4729244..dd089abd 100644
|
||||
if ( slice != null )
|
||||
diff --git a/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java
|
||||
new file mode 100644
|
||||
index 00000000..fa0b59c2
|
||||
index 00000000..bf6f8538
|
||||
--- /dev/null
|
||||
+++ b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java
|
||||
@@ -0,0 +1,71 @@
|
||||
@@ -0,0 +1,61 @@
|
||||
+package dev._2lstudios.flamecord.commands;
|
||||
+
|
||||
+import java.util.Collection;
|
||||
@ -602,7 +416,6 @@ index 00000000..fa0b59c2
|
||||
+
|
||||
+import dev._2lstudios.flamecord.FlameCord;
|
||||
+import dev._2lstudios.flamecord.configuration.MessagesConfiguration;
|
||||
+import dev._2lstudios.flamecord.firewall.FirewallManager;
|
||||
+import net.md_5.bungee.BungeeCord;
|
||||
+import net.md_5.bungee.api.CommandSender;
|
||||
+import net.md_5.bungee.api.chat.TextComponent;
|
||||
@ -628,15 +441,6 @@ index 00000000..fa0b59c2
|
||||
+ final String arg0 = args[0];
|
||||
+
|
||||
+ switch (arg0) {
|
||||
+ case "firewall": {
|
||||
+ final FirewallManager firewallManager = flameCord.getFirewallManager();
|
||||
+ final int amount = firewallManager.getFirewalled().size(),
|
||||
+ seconds = firewallManager.getSeconds();
|
||||
+
|
||||
+ sender.sendMessage(TextComponent.fromLegacyText(
|
||||
+ messagesConfiguration.getTranslation("firewall_info", amount, seconds)));
|
||||
+ break;
|
||||
+ }
|
||||
+ case "reload": {
|
||||
+ // FlameCord - Collect ips from servers
|
||||
+ final Collection<String> whitelistedAddresses = new HashSet<>();
|
||||
@ -667,7 +471,7 @@ index 00000000..fa0b59c2
|
||||
+ }
|
||||
+}
|
||||
diff --git a/proxy/src/main/java/net/md_5/bungee/BungeeCord.java b/proxy/src/main/java/net/md_5/bungee/BungeeCord.java
|
||||
index 3e4ebfc5..316790ee 100644
|
||||
index 5d385706..83d3e9ed 100644
|
||||
--- a/proxy/src/main/java/net/md_5/bungee/BungeeCord.java
|
||||
+++ b/proxy/src/main/java/net/md_5/bungee/BungeeCord.java
|
||||
@@ -9,6 +9,10 @@ import com.google.common.collect.Sets;
|
||||
@ -819,7 +623,7 @@ index 3e4ebfc5..316790ee 100644
|
||||
+ }
|
||||
}
|
||||
diff --git a/proxy/src/main/java/net/md_5/bungee/ServerConnector.java b/proxy/src/main/java/net/md_5/bungee/ServerConnector.java
|
||||
index e90237ac..3cfef373 100644
|
||||
index 7b99c466..af242603 100644
|
||||
--- a/proxy/src/main/java/net/md_5/bungee/ServerConnector.java
|
||||
+++ b/proxy/src/main/java/net/md_5/bungee/ServerConnector.java
|
||||
@@ -1,6 +1,8 @@
|
||||
@ -839,7 +643,7 @@ index e90237ac..3cfef373 100644
|
||||
import net.md_5.bungee.protocol.DefinedPacket;
|
||||
import net.md_5.bungee.protocol.MinecraftDecoder;
|
||||
import net.md_5.bungee.protocol.PacketWrapper;
|
||||
@@ -161,7 +164,13 @@ public class ServerConnector extends PacketHandler
|
||||
@@ -163,7 +166,13 @@ public class ServerConnector extends PacketHandler
|
||||
{
|
||||
if ( packet.packet == null )
|
||||
{
|
||||
@ -981,40 +785,19 @@ index 6cd71071..09909bd9 100644
|
||||
}
|
||||
|
||||
diff --git a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
|
||||
index d68cc2ce..46e338ca 100644
|
||||
index b8e50855..d3a89e79 100644
|
||||
--- a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
|
||||
+++ b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
|
||||
@@ -1,6 +1,9 @@
|
||||
@@ -1,6 +1,8 @@
|
||||
package net.md_5.bungee.netty;
|
||||
|
||||
import com.google.common.base.Preconditions;
|
||||
+
|
||||
+import dev._2lstudios.flamecord.FlameCord;
|
||||
+import dev._2lstudios.flamecord.firewall.FirewallException;
|
||||
import io.netty.channel.ChannelHandlerContext;
|
||||
import io.netty.channel.ChannelInboundHandlerAdapter;
|
||||
import io.netty.handler.codec.CorruptedFrameException;
|
||||
@@ -9,6 +12,7 @@ import io.netty.handler.codec.haproxy.HAProxyMessage;
|
||||
import io.netty.handler.timeout.ReadTimeoutException;
|
||||
import java.io.IOException;
|
||||
import java.net.InetSocketAddress;
|
||||
+import java.net.SocketAddress;
|
||||
import java.util.logging.Level;
|
||||
import net.md_5.bungee.api.ProxyServer;
|
||||
import net.md_5.bungee.connection.CancelSendSignal;
|
||||
@@ -39,12 +43,20 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
|
||||
@Override
|
||||
public void channelActive(ChannelHandlerContext ctx) throws Exception
|
||||
{
|
||||
+ // FlameCord - Firewall system
|
||||
+ final SocketAddress remoteAddress = ctx.channel().remoteAddress();
|
||||
+
|
||||
+ if (remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled(remoteAddress)) {
|
||||
+ throw new FirewallException(remoteAddress);
|
||||
+ }
|
||||
+
|
||||
if ( handler != null )
|
||||
{
|
||||
@@ -44,7 +46,8 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
|
||||
channel = new ChannelWrapper( ctx );
|
||||
handler.connected( channel );
|
||||
|
||||
@ -1024,7 +807,7 @@ index d68cc2ce..46e338ca 100644
|
||||
{
|
||||
ProxyServer.getInstance().getLogger().log( Level.INFO, "{0} has connected", handler );
|
||||
}
|
||||
@@ -60,7 +72,8 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
|
||||
@@ -60,7 +63,8 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
|
||||
channel.close();
|
||||
handler.disconnected( channel );
|
||||
|
||||
@ -1034,59 +817,32 @@ index d68cc2ce..46e338ca 100644
|
||||
{
|
||||
ProxyServer.getInstance().getLogger().log( Level.INFO, "{0} has disconnected", handler );
|
||||
}
|
||||
@@ -130,7 +143,24 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
|
||||
@@ -136,7 +140,10 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
|
||||
{
|
||||
if ( ctx.channel().isActive() )
|
||||
{
|
||||
- boolean logExceptions = !( handler instanceof PingHandler );
|
||||
+ // FlameCord - Use flamecord
|
||||
+ final FlameCord flameCord = FlameCord.getInstance();
|
||||
+ // FlameCord - log exceptions based on FlameCord configuration and FirewallException
|
||||
+ boolean logExceptions = flameCord.getFlameCordConfiguration().isLoggerExceptions() && !(cause instanceof FirewallException);
|
||||
+
|
||||
+ // FlameCord - Firewall system
|
||||
+ if (cause instanceof DecoderException || cause instanceof IllegalStateException || cause instanceof BadPacketException) {
|
||||
+ final SocketAddress remoteAddress = ctx.channel().remoteAddress();
|
||||
+
|
||||
+ if (remoteAddress != null) {
|
||||
+ flameCord.getFirewallManager().addFirewalled(remoteAddress);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ // FlameCord - Handle firewall exceptions
|
||||
+ if (cause instanceof FirewallException) {
|
||||
+ flameCord.getFirewallManager().logBlocked(ctx.channel().remoteAddress());
|
||||
+ }
|
||||
+ // FlameCord - Log exceptions based on FlameCord
|
||||
+ boolean logExceptions = flameCord.getFlameCordConfiguration().isLoggerExceptions();
|
||||
|
||||
if ( logExceptions )
|
||||
{
|
||||
diff --git a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java
|
||||
index a54da9c3..84302b32 100644
|
||||
index 4996a7b4..1680ce96 100644
|
||||
--- a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java
|
||||
+++ b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java
|
||||
@@ -1,6 +1,9 @@
|
||||
@@ -1,6 +1,8 @@
|
||||
package net.md_5.bungee.netty;
|
||||
|
||||
import com.google.common.base.Preconditions;
|
||||
+
|
||||
+import dev._2lstudios.flamecord.FlameCord;
|
||||
+import dev._2lstudios.flamecord.firewall.FirewallException;
|
||||
import io.github.waterfallmc.waterfall.event.ConnectionInitEvent;
|
||||
import io.netty.buffer.PooledByteBufAllocator;
|
||||
import io.netty.channel.Channel;
|
||||
@@ -61,6 +64,11 @@ public class PipelineUtils
|
||||
{
|
||||
SocketAddress remoteAddress = ( ch.remoteAddress() == null ) ? ch.parent().localAddress() : ch.remoteAddress();
|
||||
|
||||
+ // FlameCord - Firewall system
|
||||
+ if (remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled(remoteAddress)) {
|
||||
+ throw new FirewallException(remoteAddress);
|
||||
+ }
|
||||
+
|
||||
if ( BungeeCord.getInstance().getConnectionThrottle() != null && BungeeCord.getInstance().getConnectionThrottle().throttle( remoteAddress ) )
|
||||
{
|
||||
ch.close();
|
||||
@@ -107,7 +115,9 @@ public class PipelineUtils
|
||||
@@ -107,7 +109,9 @@ public class PipelineUtils
|
||||
// FlameCord - Close on exception caught
|
||||
@Override
|
||||
public void exceptionCaught(final ChannelHandlerContext ctx, final Throwable cause) throws Exception {
|
||||
@ -1097,5 +853,5 @@ index a54da9c3..84302b32 100644
|
||||
ctx.close();
|
||||
}
|
||||
--
|
||||
2.20.1
|
||||
2.31.1
|
||||
|
||||
|
337
Waterfall-Proxy-Patches/0026-Firewall-System.patch
Normal file
337
Waterfall-Proxy-Patches/0026-Firewall-System.patch
Normal file
@ -0,0 +1,337 @@
|
||||
From b18c16e3bb5a0e71261a854327ec7966b6af279e Mon Sep 17 00:00:00 2001
|
||||
From: linsaftw <linsaftw@users.noreply.github.com>
|
||||
Date: Fri, 30 Apr 2021 19:23:36 -0300
|
||||
Subject: [PATCH] Firewall System
|
||||
|
||||
|
||||
diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java
|
||||
index 8957c79a..fd889644 100644
|
||||
--- a/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java
|
||||
+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java
|
||||
@@ -6,6 +6,7 @@ import java.util.logging.Logger;
|
||||
import dev._2lstudios.flamecord.configuration.FlameCordConfiguration;
|
||||
import dev._2lstudios.flamecord.configuration.MessagesConfiguration;
|
||||
import dev._2lstudios.flamecord.configuration.ModulesConfiguration;
|
||||
+import dev._2lstudios.flamecord.firewall.FirewallManager;
|
||||
import lombok.Getter;
|
||||
import net.md_5.bungee.config.ConfigurationProvider;
|
||||
import net.md_5.bungee.config.YamlConfiguration;
|
||||
@@ -14,12 +15,15 @@ public class FlameCord {
|
||||
@Getter
|
||||
private static FlameCord instance;
|
||||
@Getter
|
||||
+ private final FirewallManager firewallManager;
|
||||
+ @Getter
|
||||
private final FlameCordConfiguration flameCordConfiguration;
|
||||
@Getter
|
||||
private final ModulesConfiguration modulesConfiguration;
|
||||
@Getter
|
||||
private final MessagesConfiguration messagesConfiguration;
|
||||
@Getter
|
||||
+ private final Thread thread;
|
||||
private boolean running = true;
|
||||
|
||||
public static void renew(final Logger logger, final Collection<String> whitelistedAddresses) {
|
||||
@@ -36,7 +40,29 @@ public class FlameCord {
|
||||
final ConfigurationProvider configurationProvider = ConfigurationProvider.getProvider(YamlConfiguration.class);
|
||||
|
||||
this.flameCordConfiguration = new FlameCordConfiguration(configurationProvider);
|
||||
+ this.firewallManager = new FirewallManager(logger, whitelistedAddresses,
|
||||
+ flameCordConfiguration.getFirewallSeconds());
|
||||
this.modulesConfiguration = new ModulesConfiguration(configurationProvider);
|
||||
this.messagesConfiguration = new MessagesConfiguration(logger, configurationProvider);
|
||||
+ this.thread = new Thread() {
|
||||
+ @Override
|
||||
+ public void run() {
|
||||
+ while (running) {
|
||||
+ try {
|
||||
+ sleep(1000L);
|
||||
+
|
||||
+ if (!running) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ firewallManager.tick();
|
||||
+ } catch (final Exception e) {
|
||||
+ // Ignored
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ };
|
||||
+
|
||||
+ this.thread.start();
|
||||
}
|
||||
}
|
||||
\ No newline at end of file
|
||||
diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java
|
||||
new file mode 100644
|
||||
index 00000000..6a661898
|
||||
--- /dev/null
|
||||
+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java
|
||||
@@ -0,0 +1,30 @@
|
||||
+package dev._2lstudios.flamecord.firewall;
|
||||
+
|
||||
+import java.net.SocketAddress;
|
||||
+
|
||||
+public class FirewallException extends Exception {
|
||||
+ private static final long serialVersionUID = 1L;
|
||||
+
|
||||
+ public FirewallException(final SocketAddress address) {
|
||||
+ super("The address " + address + " is blocked from the server!");
|
||||
+ }
|
||||
+
|
||||
+ public FirewallException(final String string) {
|
||||
+ super(string);
|
||||
+ }
|
||||
+
|
||||
+ public FirewallException(final String string, final Throwable throwable) {
|
||||
+ super(string, throwable);
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public synchronized Throwable initCause(final Throwable cause)
|
||||
+ {
|
||||
+ return this;
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public synchronized Throwable fillInStackTrace() {
|
||||
+ return this;
|
||||
+ }
|
||||
+}
|
||||
\ No newline at end of file
|
||||
diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java
|
||||
new file mode 100644
|
||||
index 00000000..8a474758
|
||||
--- /dev/null
|
||||
+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java
|
||||
@@ -0,0 +1,116 @@
|
||||
+package dev._2lstudios.flamecord.firewall;
|
||||
+
|
||||
+import java.net.InetSocketAddress;
|
||||
+import java.net.SocketAddress;
|
||||
+import java.util.Collection;
|
||||
+import java.util.HashSet;
|
||||
+import java.util.logging.Logger;
|
||||
+
|
||||
+import dev._2lstudios.flamecord.FlameCord;
|
||||
+import dev._2lstudios.flamecord.configuration.FlameCordConfiguration;
|
||||
+import lombok.Getter;
|
||||
+
|
||||
+public class FirewallManager {
|
||||
+ private final Logger logger;
|
||||
+ private final Collection<String> whitelistedAddresses;
|
||||
+ private final Collection<String> firewalled;
|
||||
+ private final int defaultSeconds;
|
||||
+ @Getter
|
||||
+ private int seconds;
|
||||
+
|
||||
+ public FirewallManager(final Logger logger, final Collection<String> whitelistedAddresses,
|
||||
+ final int defaultSeconds) {
|
||||
+ this.logger = logger;
|
||||
+ this.whitelistedAddresses = whitelistedAddresses;
|
||||
+ this.firewalled = new HashSet<>();
|
||||
+ this.defaultSeconds = defaultSeconds;
|
||||
+ this.seconds = defaultSeconds;
|
||||
+ }
|
||||
+
|
||||
+ public boolean isWhitelisted(final SocketAddress address) {
|
||||
+ final String addressString = address.toString();
|
||||
+
|
||||
+ for (final String whitelistedAddressString : whitelistedAddresses) {
|
||||
+ if (addressString.endsWith(whitelistedAddressString)) {
|
||||
+ return true;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ public void addFirewalled(final SocketAddress address) {
|
||||
+ if (FlameCord.getInstance().getFlameCordConfiguration().isFirewallEnabled() && !isWhitelisted(address)) {
|
||||
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
|
||||
+ final String hostString = iNetSocketAddress.getHostString();
|
||||
+
|
||||
+ if (!this.firewalled.contains(hostString)) {
|
||||
+ this.firewalled.add(hostString);
|
||||
+ logAdded(address);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ public void logAdded(final SocketAddress address) {
|
||||
+ final FlameCord flameCord = FlameCord.getInstance();
|
||||
+ final FlameCordConfiguration flameCordConfiguration = flameCord.getFlameCordConfiguration();
|
||||
+
|
||||
+ if (flameCordConfiguration.isFirewallNotify()) {
|
||||
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
|
||||
+ final String hostString = iNetSocketAddress.getHostString();
|
||||
+
|
||||
+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_added", hostString));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ public void logBlocked(final SocketAddress address) {
|
||||
+ final FlameCord flameCord = FlameCord.getInstance();
|
||||
+ final FlameCordConfiguration flameCordConfiguration = flameCord.getFlameCordConfiguration();
|
||||
+
|
||||
+ if (flameCordConfiguration.isFirewallNotify()) {
|
||||
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
|
||||
+ final String hostString = iNetSocketAddress.getHostString();
|
||||
+
|
||||
+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_blocked", hostString));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ public Collection<String> getFirewalled() {
|
||||
+ return this.firewalled;
|
||||
+ }
|
||||
+
|
||||
+ public boolean isFirewalled(final SocketAddress address) {
|
||||
+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address;
|
||||
+
|
||||
+ return this.firewalled.contains(iNetSocketAddress.getHostString());
|
||||
+ }
|
||||
+
|
||||
+ public boolean isFirewalled(final String name) {
|
||||
+ final String nameLowerCase = name.toLowerCase();
|
||||
+
|
||||
+ for (final String string : FlameCord.getInstance().getFlameCordConfiguration().getFirewallNames()) {
|
||||
+ if (nameLowerCase.contains(string)) {
|
||||
+ return true;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ public void tick() {
|
||||
+ if (--seconds <= 0) {
|
||||
+ final FlameCord flameCord = FlameCord.getInstance();
|
||||
+ final int size = this.firewalled.size();
|
||||
+
|
||||
+ if (size > 0) {
|
||||
+ if (flameCord.getFlameCordConfiguration().isFirewallNotify()) {
|
||||
+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_cleared", size));
|
||||
+ }
|
||||
+
|
||||
+ this.firewalled.clear();
|
||||
+ }
|
||||
+
|
||||
+ this.seconds = defaultSeconds;
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
\ No newline at end of file
|
||||
diff --git a/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java
|
||||
index bf6f8538..fa0b59c2 100644
|
||||
--- a/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java
|
||||
+++ b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java
|
||||
@@ -5,6 +5,7 @@ import java.util.HashSet;
|
||||
|
||||
import dev._2lstudios.flamecord.FlameCord;
|
||||
import dev._2lstudios.flamecord.configuration.MessagesConfiguration;
|
||||
+import dev._2lstudios.flamecord.firewall.FirewallManager;
|
||||
import net.md_5.bungee.BungeeCord;
|
||||
import net.md_5.bungee.api.CommandSender;
|
||||
import net.md_5.bungee.api.chat.TextComponent;
|
||||
@@ -30,6 +31,15 @@ private final BungeeCord bungeeCord;
|
||||
final String arg0 = args[0];
|
||||
|
||||
switch (arg0) {
|
||||
+ case "firewall": {
|
||||
+ final FirewallManager firewallManager = flameCord.getFirewallManager();
|
||||
+ final int amount = firewallManager.getFirewalled().size(),
|
||||
+ seconds = firewallManager.getSeconds();
|
||||
+
|
||||
+ sender.sendMessage(TextComponent.fromLegacyText(
|
||||
+ messagesConfiguration.getTranslation("firewall_info", amount, seconds)));
|
||||
+ break;
|
||||
+ }
|
||||
case "reload": {
|
||||
// FlameCord - Collect ips from servers
|
||||
final Collection<String> whitelistedAddresses = new HashSet<>();
|
||||
diff --git a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
|
||||
index d3a89e79..e56b4c68 100644
|
||||
--- a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
|
||||
+++ b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
|
||||
@@ -3,6 +3,7 @@ package net.md_5.bungee.netty;
|
||||
import com.google.common.base.Preconditions;
|
||||
|
||||
import dev._2lstudios.flamecord.FlameCord;
|
||||
+import dev._2lstudios.flamecord.firewall.FirewallException;
|
||||
import io.netty.channel.ChannelHandlerContext;
|
||||
import io.netty.channel.ChannelInboundHandlerAdapter;
|
||||
import io.netty.handler.codec.CorruptedFrameException;
|
||||
@@ -11,6 +12,7 @@ import io.netty.handler.codec.haproxy.HAProxyMessage;
|
||||
import io.netty.handler.timeout.ReadTimeoutException;
|
||||
import java.io.IOException;
|
||||
import java.net.InetSocketAddress;
|
||||
+import java.net.SocketAddress;
|
||||
import java.util.logging.Level;
|
||||
import net.md_5.bungee.api.ProxyServer;
|
||||
import net.md_5.bungee.connection.CancelSendSignal;
|
||||
@@ -41,6 +43,13 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
|
||||
@Override
|
||||
public void channelActive(ChannelHandlerContext ctx) throws Exception
|
||||
{
|
||||
+ // FlameCord - Firewall system
|
||||
+ final SocketAddress remoteAddress = ctx.channel().remoteAddress();
|
||||
+
|
||||
+ if (remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled(remoteAddress)) {
|
||||
+ throw new FirewallException(remoteAddress);
|
||||
+ }
|
||||
+
|
||||
if ( handler != null )
|
||||
{
|
||||
channel = new ChannelWrapper( ctx );
|
||||
@@ -143,7 +152,21 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
|
||||
// FlameCord - Use flamecord
|
||||
final FlameCord flameCord = FlameCord.getInstance();
|
||||
// FlameCord - Log exceptions based on FlameCord
|
||||
- boolean logExceptions = flameCord.getFlameCordConfiguration().isLoggerExceptions();
|
||||
+ boolean logExceptions = flameCord.getFlameCordConfiguration().isLoggerExceptions() && !(cause instanceof FirewallException);
|
||||
+
|
||||
+ // FlameCord - Firewall system
|
||||
+ if (cause instanceof DecoderException || cause instanceof IllegalStateException || cause instanceof BadPacketException) {
|
||||
+ final SocketAddress remoteAddress = ctx.channel().remoteAddress();
|
||||
+
|
||||
+ if (remoteAddress != null) {
|
||||
+ flameCord.getFirewallManager().addFirewalled(remoteAddress);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ // FlameCord - Handle firewall exceptions
|
||||
+ if (cause instanceof FirewallException) {
|
||||
+ flameCord.getFirewallManager().logBlocked(ctx.channel().remoteAddress());
|
||||
+ }
|
||||
|
||||
if ( logExceptions )
|
||||
{
|
||||
diff --git a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java
|
||||
index 1680ce96..5ddc84a3 100644
|
||||
--- a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java
|
||||
+++ b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java
|
||||
@@ -3,6 +3,7 @@ package net.md_5.bungee.netty;
|
||||
import com.google.common.base.Preconditions;
|
||||
|
||||
import dev._2lstudios.flamecord.FlameCord;
|
||||
+import dev._2lstudios.flamecord.firewall.FirewallException;
|
||||
import io.github.waterfallmc.waterfall.event.ConnectionInitEvent;
|
||||
import io.netty.buffer.PooledByteBufAllocator;
|
||||
import io.netty.channel.Channel;
|
||||
@@ -63,6 +64,11 @@ public class PipelineUtils
|
||||
{
|
||||
SocketAddress remoteAddress = ( ch.remoteAddress() == null ) ? ch.parent().localAddress() : ch.remoteAddress();
|
||||
|
||||
+ // FlameCord - Firewall system
|
||||
+ if (remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled(remoteAddress)) {
|
||||
+ throw new FirewallException(remoteAddress);
|
||||
+ }
|
||||
+
|
||||
if ( BungeeCord.getInstance().getConnectionThrottle() != null && BungeeCord.getInstance().getConnectionThrottle().throttle( remoteAddress ) )
|
||||
{
|
||||
ch.close();
|
||||
--
|
||||
2.31.1
|
||||
|
Loading…
Reference in New Issue
Block a user