From d402fc464a6a6b5a1e66867e13162b3d13c200d8 Mon Sep 17 00:00:00 2001 From: mathiascode Date: Sun, 2 Aug 2020 14:51:56 +0300 Subject: [PATCH] Reduce false positives from alive checker --- config/iptables | 10 +++++++++- script/schematics.sh | 2 +- script/server.sh | 44 +++++++++++++++++++++++++++----------------- 3 files changed, 37 insertions(+), 19 deletions(-) diff --git a/config/iptables b/config/iptables index fb05731..a709112 100644 --- a/config/iptables +++ b/config/iptables @@ -1 +1,9 @@ -iptables -t nat -A INPUT -p tcp --dport 25565 -j SNAT --to-source 192.168.1.100 +# IPv4 +iptables -t nat -A INPUT -p tcp --dport 25565 -j SNAT --to-source 192.168.1.0-192.168.100.100 +iptables -t nat -A INPUT -p udp --dport 19132 -j SNAT --to-source 192.168.1.0-192.168.100.100 +iptables -A INPUT -p tcp --syn --dport 25565 -m connlimit --connlimit-above 5 --connlimit-mask 32 -j REJECT --reject-with tcp-reset + +# IPv6 +ip6tables -t nat -A INPUT -p tcp --dport 25565 -j SNAT --to-source 2001:db8::1-2001:db8::6464 +ip6tables -t nat -A INPUT -p udp --dport 19132 -j SNAT --to-source 2001:db8::1-2001:db8::6464 +ip6tables -A INPUT -p tcp --syn --dport 25565 -m connlimit --connlimit-above 5 --connlimit-mask 32 -j REJECT --reject-with tcp-reset diff --git a/script/schematics.sh b/script/schematics.sh index 82efea6..5c988c8 100755 --- a/script/schematics.sh +++ b/script/schematics.sh @@ -13,7 +13,7 @@ while true; do git clone --depth 1 git@github.com:kaboomserver/schematics.git $folder fi - cd $folder + cd $folder if [ "$(git add $(git ls-files -o) -v)" ]; then git -c user.name='kaboom' -c user.email='kaboom.pw' commit -m "Add new schematics" diff --git a/script/server.sh b/script/server.sh index bb17b35..08b6133 100755 --- a/script/server.sh +++ b/script/server.sh @@ -5,27 +5,37 @@ PATH="$HOME/framework/vendor/java/bin/:$PATH" -dtach -n alivecheck ~/framework/script/alivecheck.sh - # Make sure we're in the server folder, located in the home directory cd ~/server/ -# Make certain files and folders read-only - -chmod -R 500 plugins/bStats/ -chmod -R 500 plugins/PluginMetrics/ -chmod -R 500 plugins/ProtocolLib/ -chmod 400 bukkit.yml -chmod 400 commands.yml -chmod 400 eula.txt -chmod 400 paper.yml -chmod 400 permissions.yml -chmod 400 server-icon.png -chmod 400 server.properties -chmod 400 spigot.yml -chmod 400 wepif.yml - while true; do + # Make certain files and folders read-only + + chmod -R 500 plugins/bStats/ + chmod -R 500 plugins/PluginMetrics/ + chmod -R 500 plugins/ProtocolLib/ + chmod 400 bukkit.yml + chmod 400 commands.yml + chmod 400 eula.txt + chmod 400 paper.yml + chmod 400 permissions.yml + chmod 400 server-icon.png + chmod 400 server.properties + chmod 400 spigot.yml + chmod 400 wepif.yml + + # Start alive checker + + dtach -n alivecheck ~/framework/script/alivecheck.sh + + # Start Minecraft server + java -Xmx1800M -Xss8M -Xtune:virtualized -Xaggressive -Xcompressedrefs -Xdump:heap+java+snap+system:none -Xdump:tool:events=throw+systhrow,filter=java/lang/OutOfMemoryError,exec="kill -9 %pid" -Xgc:concurrentScavenge -Xgc:dnssExpectedTimeRatioMaximum=3 -Xgc:scvNoAdaptiveTenure -Xdisableexplicitgc -Xshareclasses -Xshareclasses:noPersistentDiskSpaceCheck -XX:MaxDirectMemorySize=128M -XX:+ClassRelationshipVerifier -XX:+GlobalLockReservation -XX:+UseContainerSupport -DPaper.IgnoreJavaVersion=true -Dpaper.playerconnection.keepalive=360 -DIReallyKnowWhatIAmDoingISwear -jar server.jar nogui + + # Stop alive checker (will be started again on the next run) + + killall alivecheck.sh + + # Ensure we don't abuse the CPU in case of failure sleep 1 done