diff --git a/code/controllers/subsystem/fail2topic.dm b/code/controllers/subsystem/fail2topic.dm
index 02e7bc7aab..78c4807c3f 100644
--- a/code/controllers/subsystem/fail2topic.dm
+++ b/code/controllers/subsystem/fail2topic.dm
@@ -21,9 +21,6 @@ SUBSYSTEM_DEF(fail2topic)
 DropFirewallRule() // Clear the old bans if any still remain
- if (world.system_type == UNIX && enabled)
- enabled = FALSE
- subsystem_log("DISABLED - UNIX systems are not supported.")
 if(!enabled)
 flags |= SS_NO_FIRE
 can_fire = FALSE
@@ -90,7 +87,10 @@ SUBSYSTEM_DEF(fail2topic)
 fail_counts -= ip
 rate_limiting -= ip
- . = shell("netsh advfirewall firewall add rule name=\"[rule_name]\" dir=in interface=any action=block remoteip=[ip]")
+ if (world.system_type == UNIX)
+ . = shell("iptables -A [rule_name] -s [ip] -j DROP")
+ else
+ . = shell("netsh advfirewall firewall add rule name=\"[rule_name]\" dir=in interface=any action=block remoteip=[ip]")
 if (.)
 subsystem_log("Failed to ban [ip]. Exit code: [.].")
@@ -105,7 +105,10 @@ SUBSYSTEM_DEF(fail2topic)
 active_bans = list()
- . = shell("netsh advfirewall firewall delete rule name=\"[rule_name]\"")
+ if (world.system_type == UNIX)
+ . = shell("iptables -F [rule_name]") //Let's just assume that folks running linux are smart enough to have a dedicated chain configured for this.
+ else
+ . = shell("netsh advfirewall firewall delete rule name=\"[rule_name]\"")
 if (.)
 subsystem_log("Failed to drop firewall rule. Exit code: [.].")
diff --git a/config/config.txt b/config/config.txt
index fd5dc968fb..35af0e848b 100644
--- a/config/config.txt
+++ b/config/config.txt
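Review bot: In the `@@ -90,7 +87,10 @@` hunk of fail2topic.dm, the new `shell("iptables -A [rule_name] -s [ip] -j DROP")` builds a shell command from `ip` and `rule_name` with no quoting, and no validation of either value is visible in the hunk. Both should be checked against a strict pattern before the call (an IPv4 literal for `ip`; letters, digits, `_` and `-` for the chain name), so that nothing else can reach the shell or be read by iptables as an option. The existing netsh branch has the same exposure. The proc begins above the hunk, so a check may already exist there; if it does, a comment such as `// ip and rule_name are validated above; both are interpolated into a shell command` would record that dependency.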
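Review bot: In the `@@ -105,7 +105,10 @@` hunk of fail2topic.dm, `shell("iptables -F [rule_name]")` flushes every chain in the filter table if `rule_name` is empty, because `iptables -F` with no chain argument applies to all chains. The first hunk's context shows `DropFirewallRule()` called before the `if(!enabled)` check, so this appears to run at startup even on Linux hosts that never enabled the feature. Guard the call with `if (!rule_name) return` ahead of the `shell()` line, and replace the "Let's just assume" comment with the actual precondition, `// Requires a dedicated chain named rule_name; -F empties that chain only`. Where `rule_name` is assigned is outside the hunk.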
@@ -510,13 +510,16 @@ DEFAULT_VIEW 21x15
 ### FAIL2TOPIC:
 ### Automated IP bans for world/Topic() spammers
+### NOTE FOR WINDOWS HOSTS: This requires you to be running dreamdaemon as an administrator for it to work at all. TGS3 handles this automatically, and honestly there's no reason not to be using TGS3 if you're hosting on Windows.
+### NOTE FOR LINUX HOSTS: This requires manual setup of iptables. Beware that improper configuration of this can and will irreversibly fuck up a server, so please don't tinker with it if you don't know what you're doing.
 ## Enabled
-FAIL2TOPIC_ENABLED
+#FAIL2TOPIC_ENABLED
 ## Minimum wait time in deciseconds between valid requests
 FAIL2TOPIC_RATE_LIMIT 10
 ## Number of requests after breaching rate limit that triggers a ban
 FAIL2TOPIC_MAX_FAILS 5
 ## Firewall rule name used on physical server
+## FOR LINUX HOSTS: This is used as the chain name. The iptables chain doesn't get created or hooked up to INPUT automatically, so you'll have to get that set up yourself. Recommended name: BYOND
 FAIL2TOPIC_RULE_NAME _dd_fail2topic
 ## Enable automatic profiling - Byond 513.1506 and newer only.
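Review bot: The Linux note omits the privilege requirement that the Windows note states: the subsystem runs `iptables` directly through `shell()`, so the DreamDaemon process itself must be allowed to change firewall rules. Add a line such as `### The server process needs permission to run iptables (root or CAP_NET_ADMIN); grant only that rather than running DreamDaemon as root.` The chain comment also recommends the name BYOND while the shipped value stays `_dd_fail2topic`. A host that creates the recommended chain without editing `FAIL2TOPIC_RULE_NAME` will see every ban fail, because the rules target a chain that does not exist.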