cyberpresidentvanellope/S.P.L.U.R.T-Station-13
1
0
Fork 0
mirror of https://github.com/SPLURT-Station/S.P.L.U.R.T-Station-13.git synced 2025-12-09 16:07:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

adds rudimentary linux iptables support for fail2topic

Browse Source
This commit is contained in:
deathride58
2020-04-12 16:21:51 -04:00
parent 6cd1d195ad
commit 53d893a67e
2 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
code/controllers/subsystem/fail2topic.dm
View File

@@ -21,9 +21,6 @@ SUBSYSTEM_DEF(fail2topic)
DropFirewallRule() // Clear the old bans if any still remain
if (world.system_type == UNIX && enabled)
enabled = FALSE
subsystem_log("DISABLED - UNIX systems are not supported.")
if(!enabled)
flags |= SS_NO_FIRE
can_fire = FALSE
@@ -90,7 +87,10 @@ SUBSYSTEM_DEF(fail2topic)
fail_counts -= ip
rate_limiting -= ip
. = shell("netsh advfirewall firewall add rule name=\"[rule_name]\" dir=in interface=any action=block remoteip=[ip]")
if (world.system_type == UNIX)
. = shell("iptables -A [rule_name] -s [ip] -j DROP")
else
. = shell("netsh advfirewall firewall add rule name=\"[rule_name]\" dir=in interface=any action=block remoteip=[ip]")
if (.)
subsystem_log("Failed to ban [ip]. Exit code: [.].")
@@ -105,7 +105,10 @@ SUBSYSTEM_DEF(fail2topic)
active_bans = list()
. = shell("netsh advfirewall firewall delete rule name=\"[rule_name]\"")
if (world.system_type == UNIX)
. = shell("iptables -F [rule_name]") //Let's just assume that folks running linux are smart enough to have a dedicated chain configured for this.
else
. = shell("netsh advfirewall firewall delete rule name=\"[rule_name]\"")
if (.)
subsystem_log("Failed to drop firewall rule. Exit code: [.].")

5
config/config.txt
View File

@@ -510,13 +510,16 @@ DEFAULT_VIEW 21x15
### FAIL2TOPIC:
### Automated IP bans for world/Topic() spammers
### NOTE FOR WINDOWS HOSTS: This requires you to be running dreamdaemon as an administrator for it to work at all. TGS3 handles this automatically, and honestly there's no reason not to be using TGS3 if you're hosting on Windows.
### NOTE FOR LINUX HOSTS: This requires manual setup of iptables. Beware that improper configuration of this can and will irreversibly fuck up a server, so please don't tinker with it if you don't know what you're doing.
## Enabled
FAIL2TOPIC_ENABLED
#FAIL2TOPIC_ENABLED
## Minimum wait time in deciseconds between valid requests
FAIL2TOPIC_RATE_LIMIT 10
## Number of requests after breaching rate limit that triggers a ban
FAIL2TOPIC_MAX_FAILS 5
## Firewall rule name used on physical server
## FOR LINUX HOSTS: This is used as the chain name. The iptables chain doesn't get created or hooked up to INPUT automatically, so you'll have to get that set up yourself. Recommended name: BYOND
FAIL2TOPIC_RULE_NAME _dd_fail2topic
## Enable automatic profiling - Byond 513.1506 and newer only.