diff --git a/script.sh b/script.sh index 2c06786..a9f8ec7 100755 --- a/script.sh +++ b/script.sh @@ -80,11 +80,7 @@ java -Xms512M -Xmx2048M -jar Forge-1.20.1.jar --installServer cd - -mv eula.txt /opt/minecraft/ -mv server-icon.png /opt/minecraft/ -mv server.properties /opt/minecraft/ - -mv run.sh /opt/minecraft +mv eula.txt server-icon.png server.properties run.sh /opt/minecraft/ mkdir /opt/minecraft/mods @@ -93,52 +89,59 @@ printf "\n+ Unpacking mods \n \n" 7z x Mods.zip -o/opt/minecraft/mods/ # Permision handeling -printf "\n+ Permision handeling" +printf "\n+ Permision handeling\n" chown -R minecraft:minecraft /opt/minecraft # SystemD service -printf "+ Preparign systemD service" +printf "+ Preparign systemD service\n" cp mc-forge.service /etc/systemd/system/ systemctl daemon-reload - systemctl start mc-forge.service - systemctl enable mc-forge # integration of Maxopoly's instructions on firewall -if [[ "n" != "$ansFirewallSetup" ]]; then +if [[ "$ansFirewallSetup" =~ ("Y"|"y") || -z "$ansFirewallSetup" ]]; then + + printf "+ Executing firewall setup" - printf "+ Executing firewall setup" + iptables -P INPUT ACCEPT #Clears existing rules - iptables -P INPUT ACCEPT #Clears existing rules + iptables -A INPUT -i lo -j ACCEPT #Allow loopback - iptables -A INPUT -i lo -j ACCEPT #Allow loopback + iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow continuing connections - iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow continuing connections + iptables -A INPUT -p tcp --dport 22 --source $ipList -j ACCEPT #Allow ssh from set network - iptables -A INPUT -p tcp --dport 22 --source 172.18.42.0/24 -j ACCEPT #Allow ssh from set network + iptables -A INPUT -p tcp --dport 25565 -j ACCEPT #Allow MC port - iptables -A INPUT -p tcp --dport 25565 -j ACCEPT #Allow MC port + iptables -L ### Good place to paste a manual check to not lock yourself out + printf "\n Does it looks right? [Y/n]: " + read ansFirewallOK - iptables -L ### Good place to paste a manual check to not lock yourself out + if [[ "$ansFirewallOK" =~ ("Y"|"y") || -z "$ansFirewallOK" ]]; then + + iptables -P INPUT DROP #Disallow everythink else - printf "\n Does it looks right? [Y/n]: " - read ansFirewallOK + iptables -P FORWARD DROP #Block all forwarding + iptables -P OUTPUT ACCEPT #Allow all outgouing + + else + + printf "\nOK it is time for manual configuration" + printf "\nAfter you are done ramamber to run 'apt install iptables-persistent' to save your config. System will automaticly remove your work after restart" - if [[ "n" != "$ansFirewallOK" ]]; then + fi - iptables -P INPUT DROP #Disallow everythink else - - iptables -P FORWARD DROP #Block all forwarding - - iptables -P OUTPUT ACCEPT #Allow all outgouing - fi - - apt install iptables-persistent -y + apt install iptables-persistent -y fi + +printf "\n+ Done, thanks for your time. It is goode idea to chack if everythink is alright by running:" +printf "\nsystemctl status mc-forge" +printf "\nu minecraft -s /bin/bash" +printf "\n+ it is good idea to have some fun with screen before trying to open minecraft conesole 'screen -r' while loged wia minecraft user" diff --git a/server.properties b/server.properties index f284592..6f3b4d3 100644 --- a/server.properties +++ b/server.properties @@ -10,7 +10,7 @@ enable-jmx-monitoring=false enable-query=false enable-rcon=false enable-status=true -enforce-secure-profile=true +enforce-secure-profile=false enforce-whitelist=false entity-broadcast-range-percentage=100 force-gamemode=false