From c5dc9c093c7b199426aafc66e05cd7bd840c4957 Mon Sep 17 00:00:00 2001 From: linsaftw Date: Fri, 30 Apr 2021 19:26:03 -0300 Subject: [PATCH] Split Firewall System --- .../0023-FlameCord-General-Patch.patch | 284 ++------------- .../0026-Firewall-System.patch | 337 ++++++++++++++++++ 2 files changed, 357 insertions(+), 264 deletions(-) create mode 100644 Waterfall-Proxy-Patches/0026-Firewall-System.patch diff --git a/Waterfall-Proxy-Patches/0023-FlameCord-General-Patch.patch b/Waterfall-Proxy-Patches/0023-FlameCord-General-Patch.patch index 23f9382..2d6e4d6 100644 --- a/Waterfall-Proxy-Patches/0023-FlameCord-General-Patch.patch +++ b/Waterfall-Proxy-Patches/0023-FlameCord-General-Patch.patch @@ -1,4 +1,4 @@ -From ed57b22b9bae1cabd74f9dd91ebe83389d6223ee Mon Sep 17 00:00:00 2001 +From 274f6347ded5b72104c30c9663912270b1c1b116 Mon Sep 17 00:00:00 2001 From: Juan Cruz Linsalata Date: Mon, 12 Oct 2020 15:40:53 -0300 Subject: [PATCH] FlameCord General Patch @@ -6,10 +6,10 @@ Subject: [PATCH] FlameCord General Patch diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java new file mode 100644 -index 00000000..fd889644 +index 00000000..8957c79a --- /dev/null +++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java -@@ -0,0 +1,68 @@ +@@ -0,0 +1,42 @@ +package dev._2lstudios.flamecord; + +import java.util.Collection; @@ -18,7 +18,6 @@ index 00000000..fd889644 +import dev._2lstudios.flamecord.configuration.FlameCordConfiguration; +import dev._2lstudios.flamecord.configuration.MessagesConfiguration; +import dev._2lstudios.flamecord.configuration.ModulesConfiguration; -+import dev._2lstudios.flamecord.firewall.FirewallManager; +import lombok.Getter; +import net.md_5.bungee.config.ConfigurationProvider; +import net.md_5.bungee.config.YamlConfiguration; @@ -27,15 +26,12 @@ index 00000000..fd889644 + @Getter + private static FlameCord instance; + @Getter -+ private final FirewallManager firewallManager; -+ @Getter + private final FlameCordConfiguration flameCordConfiguration; + @Getter + private final ModulesConfiguration modulesConfiguration; + @Getter + private final MessagesConfiguration messagesConfiguration; + @Getter -+ private final Thread thread; + private boolean running = true; + + public static void renew(final Logger logger, final Collection whitelistedAddresses) { @@ -52,30 +48,8 @@ index 00000000..fd889644 + final ConfigurationProvider configurationProvider = ConfigurationProvider.getProvider(YamlConfiguration.class); + + this.flameCordConfiguration = new FlameCordConfiguration(configurationProvider); -+ this.firewallManager = new FirewallManager(logger, whitelistedAddresses, -+ flameCordConfiguration.getFirewallSeconds()); + this.modulesConfiguration = new ModulesConfiguration(configurationProvider); + this.messagesConfiguration = new MessagesConfiguration(logger, configurationProvider); -+ this.thread = new Thread() { -+ @Override -+ public void run() { -+ while (running) { -+ try { -+ sleep(1000L); -+ -+ if (!running) { -+ return; -+ } -+ -+ firewallManager.tick(); -+ } catch (final Exception e) { -+ // Ignored -+ } -+ } -+ } -+ }; -+ -+ this.thread.start(); + } +} \ No newline at end of file @@ -402,168 +376,8 @@ index 00000000..e82c4844 + } + } +} -diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java -new file mode 100644 -index 00000000..6a661898 ---- /dev/null -+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java -@@ -0,0 +1,30 @@ -+package dev._2lstudios.flamecord.firewall; -+ -+import java.net.SocketAddress; -+ -+public class FirewallException extends Exception { -+ private static final long serialVersionUID = 1L; -+ -+ public FirewallException(final SocketAddress address) { -+ super("The address " + address + " is blocked from the server!"); -+ } -+ -+ public FirewallException(final String string) { -+ super(string); -+ } -+ -+ public FirewallException(final String string, final Throwable throwable) { -+ super(string, throwable); -+ } -+ -+ @Override -+ public synchronized Throwable initCause(final Throwable cause) -+ { -+ return this; -+ } -+ -+ @Override -+ public synchronized Throwable fillInStackTrace() { -+ return this; -+ } -+} -\ No newline at end of file -diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java -new file mode 100644 -index 00000000..8a474758 ---- /dev/null -+++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java -@@ -0,0 +1,116 @@ -+package dev._2lstudios.flamecord.firewall; -+ -+import java.net.InetSocketAddress; -+import java.net.SocketAddress; -+import java.util.Collection; -+import java.util.HashSet; -+import java.util.logging.Logger; -+ -+import dev._2lstudios.flamecord.FlameCord; -+import dev._2lstudios.flamecord.configuration.FlameCordConfiguration; -+import lombok.Getter; -+ -+public class FirewallManager { -+ private final Logger logger; -+ private final Collection whitelistedAddresses; -+ private final Collection firewalled; -+ private final int defaultSeconds; -+ @Getter -+ private int seconds; -+ -+ public FirewallManager(final Logger logger, final Collection whitelistedAddresses, -+ final int defaultSeconds) { -+ this.logger = logger; -+ this.whitelistedAddresses = whitelistedAddresses; -+ this.firewalled = new HashSet<>(); -+ this.defaultSeconds = defaultSeconds; -+ this.seconds = defaultSeconds; -+ } -+ -+ public boolean isWhitelisted(final SocketAddress address) { -+ final String addressString = address.toString(); -+ -+ for (final String whitelistedAddressString : whitelistedAddresses) { -+ if (addressString.endsWith(whitelistedAddressString)) { -+ return true; -+ } -+ } -+ -+ return false; -+ } -+ -+ public void addFirewalled(final SocketAddress address) { -+ if (FlameCord.getInstance().getFlameCordConfiguration().isFirewallEnabled() && !isWhitelisted(address)) { -+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address; -+ final String hostString = iNetSocketAddress.getHostString(); -+ -+ if (!this.firewalled.contains(hostString)) { -+ this.firewalled.add(hostString); -+ logAdded(address); -+ } -+ } -+ } -+ -+ public void logAdded(final SocketAddress address) { -+ final FlameCord flameCord = FlameCord.getInstance(); -+ final FlameCordConfiguration flameCordConfiguration = flameCord.getFlameCordConfiguration(); -+ -+ if (flameCordConfiguration.isFirewallNotify()) { -+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address; -+ final String hostString = iNetSocketAddress.getHostString(); -+ -+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_added", hostString)); -+ } -+ } -+ -+ public void logBlocked(final SocketAddress address) { -+ final FlameCord flameCord = FlameCord.getInstance(); -+ final FlameCordConfiguration flameCordConfiguration = flameCord.getFlameCordConfiguration(); -+ -+ if (flameCordConfiguration.isFirewallNotify()) { -+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address; -+ final String hostString = iNetSocketAddress.getHostString(); -+ -+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_blocked", hostString)); -+ } -+ } -+ -+ public Collection getFirewalled() { -+ return this.firewalled; -+ } -+ -+ public boolean isFirewalled(final SocketAddress address) { -+ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address; -+ -+ return this.firewalled.contains(iNetSocketAddress.getHostString()); -+ } -+ -+ public boolean isFirewalled(final String name) { -+ final String nameLowerCase = name.toLowerCase(); -+ -+ for (final String string : FlameCord.getInstance().getFlameCordConfiguration().getFirewallNames()) { -+ if (nameLowerCase.contains(string)) { -+ return true; -+ } -+ } -+ -+ return false; -+ } -+ -+ public void tick() { -+ if (--seconds <= 0) { -+ final FlameCord flameCord = FlameCord.getInstance(); -+ final int size = this.firewalled.size(); -+ -+ if (size > 0) { -+ if (flameCord.getFlameCordConfiguration().isFirewallNotify()) { -+ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_cleared", size)); -+ } -+ -+ this.firewalled.clear(); -+ } -+ -+ this.seconds = defaultSeconds; -+ } -+ } -+} -\ No newline at end of file diff --git a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java -index d4729244..dd089abd 100644 +index bb39d31b..5b6f1fd5 100644 --- a/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java +++ b/protocol/src/main/java/net/md_5/bungee/protocol/MinecraftDecoder.java @@ -1,5 +1,6 @@ @@ -591,10 +405,10 @@ index d4729244..dd089abd 100644 if ( slice != null ) diff --git a/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java new file mode 100644 -index 00000000..fa0b59c2 +index 00000000..bf6f8538 --- /dev/null +++ b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java -@@ -0,0 +1,71 @@ +@@ -0,0 +1,61 @@ +package dev._2lstudios.flamecord.commands; + +import java.util.Collection; @@ -602,7 +416,6 @@ index 00000000..fa0b59c2 + +import dev._2lstudios.flamecord.FlameCord; +import dev._2lstudios.flamecord.configuration.MessagesConfiguration; -+import dev._2lstudios.flamecord.firewall.FirewallManager; +import net.md_5.bungee.BungeeCord; +import net.md_5.bungee.api.CommandSender; +import net.md_5.bungee.api.chat.TextComponent; @@ -628,15 +441,6 @@ index 00000000..fa0b59c2 + final String arg0 = args[0]; + + switch (arg0) { -+ case "firewall": { -+ final FirewallManager firewallManager = flameCord.getFirewallManager(); -+ final int amount = firewallManager.getFirewalled().size(), -+ seconds = firewallManager.getSeconds(); -+ -+ sender.sendMessage(TextComponent.fromLegacyText( -+ messagesConfiguration.getTranslation("firewall_info", amount, seconds))); -+ break; -+ } + case "reload": { + // FlameCord - Collect ips from servers + final Collection whitelistedAddresses = new HashSet<>(); @@ -667,7 +471,7 @@ index 00000000..fa0b59c2 + } +} diff --git a/proxy/src/main/java/net/md_5/bungee/BungeeCord.java b/proxy/src/main/java/net/md_5/bungee/BungeeCord.java -index 3e4ebfc5..316790ee 100644 +index 5d385706..83d3e9ed 100644 --- a/proxy/src/main/java/net/md_5/bungee/BungeeCord.java +++ b/proxy/src/main/java/net/md_5/bungee/BungeeCord.java @@ -9,6 +9,10 @@ import com.google.common.collect.Sets; @@ -819,7 +623,7 @@ index 3e4ebfc5..316790ee 100644 + } } diff --git a/proxy/src/main/java/net/md_5/bungee/ServerConnector.java b/proxy/src/main/java/net/md_5/bungee/ServerConnector.java -index e90237ac..3cfef373 100644 +index 7b99c466..af242603 100644 --- a/proxy/src/main/java/net/md_5/bungee/ServerConnector.java +++ b/proxy/src/main/java/net/md_5/bungee/ServerConnector.java @@ -1,6 +1,8 @@ @@ -839,7 +643,7 @@ index e90237ac..3cfef373 100644 import net.md_5.bungee.protocol.DefinedPacket; import net.md_5.bungee.protocol.MinecraftDecoder; import net.md_5.bungee.protocol.PacketWrapper; -@@ -161,7 +164,13 @@ public class ServerConnector extends PacketHandler +@@ -163,7 +166,13 @@ public class ServerConnector extends PacketHandler { if ( packet.packet == null ) { @@ -981,40 +785,19 @@ index 6cd71071..09909bd9 100644 } diff --git a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java -index d68cc2ce..46e338ca 100644 +index b8e50855..d3a89e79 100644 --- a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java +++ b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java -@@ -1,6 +1,9 @@ +@@ -1,6 +1,8 @@ package net.md_5.bungee.netty; import com.google.common.base.Preconditions; + +import dev._2lstudios.flamecord.FlameCord; -+import dev._2lstudios.flamecord.firewall.FirewallException; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.ChannelInboundHandlerAdapter; import io.netty.handler.codec.CorruptedFrameException; -@@ -9,6 +12,7 @@ import io.netty.handler.codec.haproxy.HAProxyMessage; - import io.netty.handler.timeout.ReadTimeoutException; - import java.io.IOException; - import java.net.InetSocketAddress; -+import java.net.SocketAddress; - import java.util.logging.Level; - import net.md_5.bungee.api.ProxyServer; - import net.md_5.bungee.connection.CancelSendSignal; -@@ -39,12 +43,20 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter - @Override - public void channelActive(ChannelHandlerContext ctx) throws Exception - { -+ // FlameCord - Firewall system -+ final SocketAddress remoteAddress = ctx.channel().remoteAddress(); -+ -+ if (remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled(remoteAddress)) { -+ throw new FirewallException(remoteAddress); -+ } -+ - if ( handler != null ) - { +@@ -44,7 +46,8 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter channel = new ChannelWrapper( ctx ); handler.connected( channel ); @@ -1024,7 +807,7 @@ index d68cc2ce..46e338ca 100644 { ProxyServer.getInstance().getLogger().log( Level.INFO, "{0} has connected", handler ); } -@@ -60,7 +72,8 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter +@@ -60,7 +63,8 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter channel.close(); handler.disconnected( channel ); @@ -1034,59 +817,32 @@ index d68cc2ce..46e338ca 100644 { ProxyServer.getInstance().getLogger().log( Level.INFO, "{0} has disconnected", handler ); } -@@ -130,7 +143,24 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter +@@ -136,7 +140,10 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter { if ( ctx.channel().isActive() ) { - boolean logExceptions = !( handler instanceof PingHandler ); + // FlameCord - Use flamecord + final FlameCord flameCord = FlameCord.getInstance(); -+ // FlameCord - log exceptions based on FlameCord configuration and FirewallException -+ boolean logExceptions = flameCord.getFlameCordConfiguration().isLoggerExceptions() && !(cause instanceof FirewallException); -+ -+ // FlameCord - Firewall system -+ if (cause instanceof DecoderException || cause instanceof IllegalStateException || cause instanceof BadPacketException) { -+ final SocketAddress remoteAddress = ctx.channel().remoteAddress(); -+ -+ if (remoteAddress != null) { -+ flameCord.getFirewallManager().addFirewalled(remoteAddress); -+ } -+ } -+ -+ // FlameCord - Handle firewall exceptions -+ if (cause instanceof FirewallException) { -+ flameCord.getFirewallManager().logBlocked(ctx.channel().remoteAddress()); -+ } ++ // FlameCord - Log exceptions based on FlameCord ++ boolean logExceptions = flameCord.getFlameCordConfiguration().isLoggerExceptions(); if ( logExceptions ) { diff --git a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java -index a54da9c3..84302b32 100644 +index 4996a7b4..1680ce96 100644 --- a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java +++ b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java -@@ -1,6 +1,9 @@ +@@ -1,6 +1,8 @@ package net.md_5.bungee.netty; import com.google.common.base.Preconditions; + +import dev._2lstudios.flamecord.FlameCord; -+import dev._2lstudios.flamecord.firewall.FirewallException; import io.github.waterfallmc.waterfall.event.ConnectionInitEvent; import io.netty.buffer.PooledByteBufAllocator; import io.netty.channel.Channel; -@@ -61,6 +64,11 @@ public class PipelineUtils - { - SocketAddress remoteAddress = ( ch.remoteAddress() == null ) ? ch.parent().localAddress() : ch.remoteAddress(); - -+ // FlameCord - Firewall system -+ if (remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled(remoteAddress)) { -+ throw new FirewallException(remoteAddress); -+ } -+ - if ( BungeeCord.getInstance().getConnectionThrottle() != null && BungeeCord.getInstance().getConnectionThrottle().throttle( remoteAddress ) ) - { - ch.close(); -@@ -107,7 +115,9 @@ public class PipelineUtils +@@ -107,7 +109,9 @@ public class PipelineUtils // FlameCord - Close on exception caught @Override public void exceptionCaught(final ChannelHandlerContext ctx, final Throwable cause) throws Exception { @@ -1097,5 +853,5 @@ index a54da9c3..84302b32 100644 ctx.close(); } -- -2.20.1 +2.31.1 diff --git a/Waterfall-Proxy-Patches/0026-Firewall-System.patch b/Waterfall-Proxy-Patches/0026-Firewall-System.patch new file mode 100644 index 0000000..7d68a4e --- /dev/null +++ b/Waterfall-Proxy-Patches/0026-Firewall-System.patch @@ -0,0 +1,337 @@ +From b18c16e3bb5a0e71261a854327ec7966b6af279e Mon Sep 17 00:00:00 2001 +From: linsaftw +Date: Fri, 30 Apr 2021 19:23:36 -0300 +Subject: [PATCH] Firewall System + + +diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java +index 8957c79a..fd889644 100644 +--- a/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java ++++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/FlameCord.java +@@ -6,6 +6,7 @@ import java.util.logging.Logger; + import dev._2lstudios.flamecord.configuration.FlameCordConfiguration; + import dev._2lstudios.flamecord.configuration.MessagesConfiguration; + import dev._2lstudios.flamecord.configuration.ModulesConfiguration; ++import dev._2lstudios.flamecord.firewall.FirewallManager; + import lombok.Getter; + import net.md_5.bungee.config.ConfigurationProvider; + import net.md_5.bungee.config.YamlConfiguration; +@@ -14,12 +15,15 @@ public class FlameCord { + @Getter + private static FlameCord instance; + @Getter ++ private final FirewallManager firewallManager; ++ @Getter + private final FlameCordConfiguration flameCordConfiguration; + @Getter + private final ModulesConfiguration modulesConfiguration; + @Getter + private final MessagesConfiguration messagesConfiguration; + @Getter ++ private final Thread thread; + private boolean running = true; + + public static void renew(final Logger logger, final Collection whitelistedAddresses) { +@@ -36,7 +40,29 @@ public class FlameCord { + final ConfigurationProvider configurationProvider = ConfigurationProvider.getProvider(YamlConfiguration.class); + + this.flameCordConfiguration = new FlameCordConfiguration(configurationProvider); ++ this.firewallManager = new FirewallManager(logger, whitelistedAddresses, ++ flameCordConfiguration.getFirewallSeconds()); + this.modulesConfiguration = new ModulesConfiguration(configurationProvider); + this.messagesConfiguration = new MessagesConfiguration(logger, configurationProvider); ++ this.thread = new Thread() { ++ @Override ++ public void run() { ++ while (running) { ++ try { ++ sleep(1000L); ++ ++ if (!running) { ++ return; ++ } ++ ++ firewallManager.tick(); ++ } catch (final Exception e) { ++ // Ignored ++ } ++ } ++ } ++ }; ++ ++ this.thread.start(); + } + } +\ No newline at end of file +diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java +new file mode 100644 +index 00000000..6a661898 +--- /dev/null ++++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallException.java +@@ -0,0 +1,30 @@ ++package dev._2lstudios.flamecord.firewall; ++ ++import java.net.SocketAddress; ++ ++public class FirewallException extends Exception { ++ private static final long serialVersionUID = 1L; ++ ++ public FirewallException(final SocketAddress address) { ++ super("The address " + address + " is blocked from the server!"); ++ } ++ ++ public FirewallException(final String string) { ++ super(string); ++ } ++ ++ public FirewallException(final String string, final Throwable throwable) { ++ super(string, throwable); ++ } ++ ++ @Override ++ public synchronized Throwable initCause(final Throwable cause) ++ { ++ return this; ++ } ++ ++ @Override ++ public synchronized Throwable fillInStackTrace() { ++ return this; ++ } ++} +\ No newline at end of file +diff --git a/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java +new file mode 100644 +index 00000000..8a474758 +--- /dev/null ++++ b/flamecord/src/main/java/dev/_2lstudios/flamecord/firewall/FirewallManager.java +@@ -0,0 +1,116 @@ ++package dev._2lstudios.flamecord.firewall; ++ ++import java.net.InetSocketAddress; ++import java.net.SocketAddress; ++import java.util.Collection; ++import java.util.HashSet; ++import java.util.logging.Logger; ++ ++import dev._2lstudios.flamecord.FlameCord; ++import dev._2lstudios.flamecord.configuration.FlameCordConfiguration; ++import lombok.Getter; ++ ++public class FirewallManager { ++ private final Logger logger; ++ private final Collection whitelistedAddresses; ++ private final Collection firewalled; ++ private final int defaultSeconds; ++ @Getter ++ private int seconds; ++ ++ public FirewallManager(final Logger logger, final Collection whitelistedAddresses, ++ final int defaultSeconds) { ++ this.logger = logger; ++ this.whitelistedAddresses = whitelistedAddresses; ++ this.firewalled = new HashSet<>(); ++ this.defaultSeconds = defaultSeconds; ++ this.seconds = defaultSeconds; ++ } ++ ++ public boolean isWhitelisted(final SocketAddress address) { ++ final String addressString = address.toString(); ++ ++ for (final String whitelistedAddressString : whitelistedAddresses) { ++ if (addressString.endsWith(whitelistedAddressString)) { ++ return true; ++ } ++ } ++ ++ return false; ++ } ++ ++ public void addFirewalled(final SocketAddress address) { ++ if (FlameCord.getInstance().getFlameCordConfiguration().isFirewallEnabled() && !isWhitelisted(address)) { ++ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address; ++ final String hostString = iNetSocketAddress.getHostString(); ++ ++ if (!this.firewalled.contains(hostString)) { ++ this.firewalled.add(hostString); ++ logAdded(address); ++ } ++ } ++ } ++ ++ public void logAdded(final SocketAddress address) { ++ final FlameCord flameCord = FlameCord.getInstance(); ++ final FlameCordConfiguration flameCordConfiguration = flameCord.getFlameCordConfiguration(); ++ ++ if (flameCordConfiguration.isFirewallNotify()) { ++ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address; ++ final String hostString = iNetSocketAddress.getHostString(); ++ ++ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_added", hostString)); ++ } ++ } ++ ++ public void logBlocked(final SocketAddress address) { ++ final FlameCord flameCord = FlameCord.getInstance(); ++ final FlameCordConfiguration flameCordConfiguration = flameCord.getFlameCordConfiguration(); ++ ++ if (flameCordConfiguration.isFirewallNotify()) { ++ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address; ++ final String hostString = iNetSocketAddress.getHostString(); ++ ++ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_blocked", hostString)); ++ } ++ } ++ ++ public Collection getFirewalled() { ++ return this.firewalled; ++ } ++ ++ public boolean isFirewalled(final SocketAddress address) { ++ final InetSocketAddress iNetSocketAddress = (InetSocketAddress) address; ++ ++ return this.firewalled.contains(iNetSocketAddress.getHostString()); ++ } ++ ++ public boolean isFirewalled(final String name) { ++ final String nameLowerCase = name.toLowerCase(); ++ ++ for (final String string : FlameCord.getInstance().getFlameCordConfiguration().getFirewallNames()) { ++ if (nameLowerCase.contains(string)) { ++ return true; ++ } ++ } ++ ++ return false; ++ } ++ ++ public void tick() { ++ if (--seconds <= 0) { ++ final FlameCord flameCord = FlameCord.getInstance(); ++ final int size = this.firewalled.size(); ++ ++ if (size > 0) { ++ if (flameCord.getFlameCordConfiguration().isFirewallNotify()) { ++ this.logger.info(flameCord.getMessagesConfiguration().getTranslation("firewall_cleared", size)); ++ } ++ ++ this.firewalled.clear(); ++ } ++ ++ this.seconds = defaultSeconds; ++ } ++ } ++} +\ No newline at end of file +diff --git a/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java +index bf6f8538..fa0b59c2 100644 +--- a/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java ++++ b/proxy/src/main/java/dev/_2lstudios/flamecord/commands/FlameCordCommand.java +@@ -5,6 +5,7 @@ import java.util.HashSet; + + import dev._2lstudios.flamecord.FlameCord; + import dev._2lstudios.flamecord.configuration.MessagesConfiguration; ++import dev._2lstudios.flamecord.firewall.FirewallManager; + import net.md_5.bungee.BungeeCord; + import net.md_5.bungee.api.CommandSender; + import net.md_5.bungee.api.chat.TextComponent; +@@ -30,6 +31,15 @@ private final BungeeCord bungeeCord; + final String arg0 = args[0]; + + switch (arg0) { ++ case "firewall": { ++ final FirewallManager firewallManager = flameCord.getFirewallManager(); ++ final int amount = firewallManager.getFirewalled().size(), ++ seconds = firewallManager.getSeconds(); ++ ++ sender.sendMessage(TextComponent.fromLegacyText( ++ messagesConfiguration.getTranslation("firewall_info", amount, seconds))); ++ break; ++ } + case "reload": { + // FlameCord - Collect ips from servers + final Collection whitelistedAddresses = new HashSet<>(); +diff --git a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java +index d3a89e79..e56b4c68 100644 +--- a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java ++++ b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java +@@ -3,6 +3,7 @@ package net.md_5.bungee.netty; + import com.google.common.base.Preconditions; + + import dev._2lstudios.flamecord.FlameCord; ++import dev._2lstudios.flamecord.firewall.FirewallException; + import io.netty.channel.ChannelHandlerContext; + import io.netty.channel.ChannelInboundHandlerAdapter; + import io.netty.handler.codec.CorruptedFrameException; +@@ -11,6 +12,7 @@ import io.netty.handler.codec.haproxy.HAProxyMessage; + import io.netty.handler.timeout.ReadTimeoutException; + import java.io.IOException; + import java.net.InetSocketAddress; ++import java.net.SocketAddress; + import java.util.logging.Level; + import net.md_5.bungee.api.ProxyServer; + import net.md_5.bungee.connection.CancelSendSignal; +@@ -41,6 +43,13 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter + @Override + public void channelActive(ChannelHandlerContext ctx) throws Exception + { ++ // FlameCord - Firewall system ++ final SocketAddress remoteAddress = ctx.channel().remoteAddress(); ++ ++ if (remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled(remoteAddress)) { ++ throw new FirewallException(remoteAddress); ++ } ++ + if ( handler != null ) + { + channel = new ChannelWrapper( ctx ); +@@ -143,7 +152,21 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter + // FlameCord - Use flamecord + final FlameCord flameCord = FlameCord.getInstance(); + // FlameCord - Log exceptions based on FlameCord +- boolean logExceptions = flameCord.getFlameCordConfiguration().isLoggerExceptions(); ++ boolean logExceptions = flameCord.getFlameCordConfiguration().isLoggerExceptions() && !(cause instanceof FirewallException); ++ ++ // FlameCord - Firewall system ++ if (cause instanceof DecoderException || cause instanceof IllegalStateException || cause instanceof BadPacketException) { ++ final SocketAddress remoteAddress = ctx.channel().remoteAddress(); ++ ++ if (remoteAddress != null) { ++ flameCord.getFirewallManager().addFirewalled(remoteAddress); ++ } ++ } ++ ++ // FlameCord - Handle firewall exceptions ++ if (cause instanceof FirewallException) { ++ flameCord.getFirewallManager().logBlocked(ctx.channel().remoteAddress()); ++ } + + if ( logExceptions ) + { +diff --git a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java +index 1680ce96..5ddc84a3 100644 +--- a/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java ++++ b/proxy/src/main/java/net/md_5/bungee/netty/PipelineUtils.java +@@ -3,6 +3,7 @@ package net.md_5.bungee.netty; + import com.google.common.base.Preconditions; + + import dev._2lstudios.flamecord.FlameCord; ++import dev._2lstudios.flamecord.firewall.FirewallException; + import io.github.waterfallmc.waterfall.event.ConnectionInitEvent; + import io.netty.buffer.PooledByteBufAllocator; + import io.netty.channel.Channel; +@@ -63,6 +64,11 @@ public class PipelineUtils + { + SocketAddress remoteAddress = ( ch.remoteAddress() == null ) ? ch.parent().localAddress() : ch.remoteAddress(); + ++ // FlameCord - Firewall system ++ if (remoteAddress != null && FlameCord.getInstance().getFirewallManager().isFirewalled(remoteAddress)) { ++ throw new FirewallException(remoteAddress); ++ } ++ + if ( BungeeCord.getInstance().getConnectionThrottle() != null && BungeeCord.getInstance().getConnectionThrottle().throttle( remoteAddress ) ) + { + ch.close(); +-- +2.31.1 +