Question

How to set up a firewall with exceptions for dynamic ips for a minecraft server?

Posted January 1, 2022 104 views
FirewallDigitalOcean Droplets

Hello, please note i have very little experience with this stuff, and the only way i got a minecraft server up and running was by googling stuff.

I want to secure my droplet with a firewall, the only purpose of the droplet is to be a minecraft server for me and some friends. I know digitalocean allows setting up firewall rules from their control panel,and it has the provision to allow certain IPs through the firewall. Problem is, every player has dynamic IPs, and though I haven’t tried, i don’t think the aforementioned IP rules will allow them through, once their IP changes. Essentially, what I want to do is to reject all connections apart from those that are coming from players. The only way they can connect is through the game client.

Currently the minecraft server is protected only by it’s own whitelist function, but that hasn’t stopped me from nuking the droplet and moving it to a new IP everytime someone I don’t know tries to connect to the minecraft server. I’m pretty sure the last unknown person that tried to connect was using a DO server as a VPN, and tried to connect using an illegitimate minecraft client.

I did see a potential solution online: something about using ufw, a script, and a domain name to update the players IPs in the firewall rules, but wanted some clarification regarding it: would I have to get a website hosted (which is a paid service, as far as I know, and is well out of my budget) for this purpose?

Please let me know if I should relay anymore info about the droplet, or if I have misunderstood anything. Thank you.

Relevant(?) info: server type: droplet, 4 GB memory, 50GB disk

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hi there,

In case that you have a dynamic IP address, what you could do is to get in touch with your ISP provider and ask them to provide you with your IP range. That way you could allow the whole IP range, so that if your IP changes it will still be in the allowed range.

You could allow the whole range via your firewall in both cases if you are using ufw or a Cloud firewall:

https://docs.digitalocean.com/products/networking/firewalls/

Hope that this helps.
Regards,
Bobby