Skip to content
/ minecraft_knocker Public

Tool that uses firewalld to open ports only to those who know the secret url

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nayfield/minecraft_knocker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
ansbile_example.yml
ansbile_example.yml
 
 
mcknock.go
mcknock.go
 
 
mcknock.service
mcknock.service
 
 
minecraft.service
minecraft.service
 
 

Repository files navigation

minecraft_knocker

Tool that uses firewalld to open ports only to those who know the secret url

How to set it up

  • run firewalld
  • verify you aren't using 'work' zone for anything (or change the references to another unused zone)
  • compile the go and run it with the HANDLER_ROUTE env var set to your 'secret'

The included ansible tasks and example service files might help.

In this case the knock daemon runs as a user who can sudo firewall-cmd, minecraft is a different user.

You also need to punch holes for both minecraft and the knocker in your external firewall, and probably want to have a persistent DNS name.

How do your users use it

  • you give them a url of http://your ip or hostname:25818/secret_password
  • if somebody goes to that URL, it adds their IP to the 'work' zone, and they can connect to minecraft

Why?

  • Avoid exposing minecraft to the whole Internet
  • Don't require users to run VPN or port knock a sequence of ports

About

Tool that uses firewalld to open ports only to those who know the secret url

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages