Configuration change log 1.0 to 2.0.0 - SlimeDog/NetworkInterceptor GitHub Wiki

NetworkInterceptor ▪ Monitor and block outgoing network connections

⚠️ If upgrading from NetworkInterceptor 1.0 to 2.0.0, significant configuration changes are required. These changes must be performed manually; NetworkInterceptor does not change the files automatically.

old 1.0 key          new 2.0.0 key    
block blocking
block.mode: blacklist mode: deny
block.mode: whitelist mode: allow
block.list targets

config.yml

< NetworkInterceptor 1.0 config.yml
> NetworkInterceptor 2.0.0 config.yml
2c2,10
< # made with <3 by Luck
---
> # originally made with <3 by Luck
> #
> # Updated and maintained by drives_a_ford and SlimeDog
> 
> # Design: SlimeDog
> # Implementation: drives_a_ford
> # Testing: SlimeDog
> #
> # Minecraft version support: 1.12.2, 1.13,2, 1.14.4, 1.15.2, 1.16.5, 1.17.x
4,5c12,18
< # how we should intercept network requests
< # any of: 'security-manager', 'proxy-selector'
---
> # Network requests may be detected by either or both of the following methods.
> #
> # security-manager:
> #   - Installs a custom SecurityManager into the server
> #   - Will intercept all outgoing network requests
> #   - May be incompatible with other plugins which install a security manager
> #   - In particular, note that AAC disables itself if the security-manager method is enabled.
7,16c20,24
< # security-manager: - installs a custom SecurityManager into the server.
< #                   - will catch all outgoing network requests
< #                   - may be incompatible with other plugins which install a
< #                     security manager.
< #
< # proxy-selector:   - installs a custom ProxySelector into the server.
< #                   - will catch *most* outgoing http requests
< #                   - will not catch requests which specifically define their
< #                     proxy
< #                   - shouldn't be incompatible with anything
---
> # proxy-selector:
> #  - Installs a custom ProxySelector into the server
> #  - Will intercept most outgoing HTTP requests
> #  - Will not catch requests which specifically define their proxy
> #  - Should not be incompatible with anything
18c26
< # you can define multiple methods.
---
> # Both methods may be enabled, and are recommended.
22a31,32
> # bStats metrics
> enable-metrics: true
24c34,43
< # Configures the logging aspect of the plugin
---
> # Processing mode is allow or deny
> # In allow mode, outbound network connections to specified targets will be allowed.
> # In deny mode, outbound network connections to specified targets will be denied (blocked).
> # In either mode, trusted plugins may be specified.
> mode: deny
> 
> # Enable/disable logging of outbound network connections.
> #
> # Enable/disable stack traces for each connection attempt.
> # Stack traces will always be included in the file output.
26,27c45,50
< # - allows network requests to be logged to the console or a file
< # - useful for monitoring activity and constructing blacklists (see below)
---
> # Connection requests may be logged to the console
> # or to plugins/NetworkInterceptor/intercept.log
> # Options are
> #   - console
> #   - file
> #   - all
29,30d51
< 
<   # if logging is enabled
32,34d52
< 
<   # if stack traces should be printed for each attempt
<   # these will always be included in the file output
35a54
>   mode: file
37,48c56,58
<   # where we should log to
<   # either: 'console', 'file' or 'all'
<   mode: console
< 
< 
< # Configures the blocking aspect of the plugin
< #
< # - allows network requests to be blocked
< # - can either use a whitelist or a blacklist approach
< block:
< 
<   # if blocking is enabled
---
> # Enable/disable blocking.
> # If blocking is disabled, logging will still occur unless disabled above.
> blocking:
51,64c61,67
<   # how we should block
<   # either: 'whitelist' or 'blacklist'
<   mode: blacklist
< 
<   # the whitelist / blacklist
<   # entries should be lowercase
<   list:
<     # common plugin metrics services
<     - "bstats.org"
<     - "report.mcstats.org"
<     - "report.mcupdate.org"
< 
<     # minecraft snooper
<     - "snoop.minecraft.net"
---
> # Configure whether fully qualified domain names (FQDNs) are mapped to their IP addresses
> # This will allow calls to IP addresses that are the result of a call to a specific FQDN
> # within a certain amount of time of the former.
> mapping:
>   enabled: true
>   # The time (in ms) within which IPs are allowed to pass as per their FQDN permissions
>   timer: 1000
66,67c69,88
<     # spigot api for update checking
<     - "api.spigotmc.org"
---
> # Trusted plugins
> # In allow mode, outbound network connections by these plugins will be allowed.
> # In deny mode, outbound network connections by these plugins will be allowed,
> # unless the target is explicitly blocked in the targets list.
> #
> # If LuckPerms is installed, we recommend listing it as a trusted plugin,
> # to simplify configuration.
> trusted-plugins:
>   - none
>   # LuckPerms
> 
> # The target list
> # Entries should be lowercase
> # In allow mode, outbound network connections to these targets will be allowed.
> # In deny mode, outbound network connections to these targets will be blocked.
> targets:
> 
>   # A list of disallowed FQDNs and IP addresses
>   - 'example.com'
>   - 'example.org'
⚠️ **GitHub.com Fallback** ⚠️