Netgate Discussion Forum

    Remote firewall rule creation?

    • jimp, Rebel Alliance Developer, Netgate

      You could update it more frequently, but you'd have to edit the code from the package to make it trigger more often.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • wurst

        hm, i want to try triggering "external".

        that external side is the gameserver with its management bot.
        it has a database driven backend, there's a bunch of machines integrated within the gameserver (forums, ircbot, admin backend, mumble voip and much more)
        everything works in real time, i wanna stay with that concept as much as possible.
        we're a bunch of gamers, we are used to having it real time, we still can't wait for… let's say... uhm... 20 milliseconds is ok.

        the server is one of the biggest of its kind, through that it's a lamer magnet.
        my query shows me ca. 15 such cases per day, maybe 1-2 really make probs by insulting players. we have 50 slots and ~1500 unique users every day.
        when we ban them, they are back in 1 second, laughing @ us and continuing the swear orgy.
        a schedule would have to be very frequent.

        ah, the game is quake3, the mod is urban terror, the Forums is @ www.dswp.de/old. urban terror is free to download, if u wanna test: www.urbanterror.net
        the database backend is driven by B3 (www.bigbrotherbot.com)

        when i alter now the rule creator so i can give it a
        http(s)://user:pwd@LANIP/fu.php?banip=666.666.666.666
        i'm pretty served and happy.
        a little floody loop could make the thing perfect.
        but i'm a grown-up guy who knows how to handle his anger by doing autosuggestion.

        • jimp, Rebel Alliance Developer, Netgate

          If you must trigger it remotely, install the dashboard package and look at the Easy Rule code. It can already add arbitrary hosts to an alias in a block rule by a GET request like that.

          No need to reinvent the wheel.

          • wurst

            uiiii wow dashboard!
            omg that's oho fancy yeah nice piece of work jeeehesusmaria congratulations!
            bill gates looks pale in front of this and steve jobs admits his bad design!

            where can i find this easy rule code?
            i don't understand by the way what/how this masterpiece of gui can do for me…

            hm, did i say i want to wait till weekend with my hobby?
            it was a lie hmhm ^^

            • jimp, Rebel Alliance Developer, Netgate

              On the filter logs (Status > System Logs, Firewall tab), there are little green and red + buttons by the source and destination hosts.

              Those will link to the easyrule code for adding and deleting a rule for that IP, you can see how it would work that way.

              • wurst

                hm, now i just thought myself:
                why should i install dashboard when i go after in firewall logs (which existed before anyways)

                --> firewall log is pimped after dashboard install, there's new block/pass icons on all entries:

                oki so the rest is really easy. this 1 does the job:

                wget --spider "http://username:password@192.168.XXX.YYY/easyrule.php?action=block&int=wan&src=2.3.4.5"
                

                rules will be active immediately, no need to "apply-button" it…

                little btw: blocks don't seem to worx with icmp pingeling (i tried that first...)

                to close this topic in a short:
                pfsense once again helped me out from a crappy situation.
                thx for your support, this time u saved hundreds of gamerkiddies from heart infarction!  ::) :o :( >:(  ...... :D


                1 Reply Last reply Reply Quote 0
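
An added example, not part of the thread or of pfSense: a POSIX shell wrapper that vets a ban target before it is placed into the easyrule.php URL from the post above, so a value coming out of the bot's database cannot carry extra query parameters or lock out internal hosts. `FW_HOST`, `NEVER_BLOCK` and the function names are assumptions; the URL parameters are the ones shown in the post.

```shell
#!/bin/sh
# Added example (not from the thread): vet an address before it reaches
# easyrule.php. FW_HOST and NEVER_BLOCK are assumed placeholder values.
FW_HOST="192.0.2.1"                   # placeholder for the firewall's LAN IP
NEVER_BLOCK="192.0.2.10 192.0.2.11"   # constructed: admin hosts to never ban

# Strict dotted quad: four octets, 0..255, no leading zeros, nothing else.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in ''|0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# True for loopback, RFC 1918, link-local, multicast and reserved space.
is_non_public() (
    IFS=.; set -- $1
    [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ] || [ "$1" -ge 224 ] ||
    { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; } ||
    { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; } ||
    { [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; }
)

# Prints the block URL; returns 1 = malformed, 2 = non-public, 3 = protected.
block_url() {
    is_ipv4 "$1" || return 1
    if is_non_public "$1"; then return 2; fi
    for keep in $NEVER_BLOCK; do
        if [ "$1" = "$keep" ]; then return 3; fi
    done
    printf 'http://%s/easyrule.php?action=block&int=wan&src=%s\n' "$FW_HOST" "$1"
}

# Constructed inputs: one valid target and three that must be refused.
for ip in 2.3.4.5 "2.3.4.5&int=lan" 010.1.1.1 192.168.1.20; do
    block_url "$ip" || echo "refused ($?): $ip"
done
```
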
                • jimp, Rebel Alliance Developer, Netgate

                  The ICMP (and many other) bugs are fixed in 2.0 where I pulled that code from.

                  I just included the easyrule code in the dashboard package because the dashboard package needed the updated log parser for the firewall logs widget to work properly. :-)

                  • wurst

                    Ah apropos protocols…
                    Now I'm having the problem that just TCP traffic seems to be blocked, gameservers always use UDP.
                    Is there some hope for me before/without 2.0?

                    Thx to a friend I got btw the mysql lib compiled which will shoot system() from mysql @ my command line.
                    (an altered lib_mysqludf_sys where the execution is hardcoded to 1 certain script)
                    If someone needs hint/help/instructions for that, plz PM.

                    Look:

                    • cmb

                      The issues Jim mentioned are only cosmetic. If you're blocking traffic aside from the normal out of state traffic, your rules are wrong.

                      • wurst

                        hm, i made screens again, the rule is one of the most simple i can guess….
                        can u spot the wrong setting?
                        the rule is btw
                        -auto-created by dashboard and was
                        -moved up in the rule order later manually by me.

                        and http gets really blocked...

                        ####EDIT#1#####

                        i think it was an existing state.
                        how could i kill those too?

                        Yeeeeah, its dead and it was killed by a MYSQL möppel!

                        ####EDIT#2#####

                        @jimp:
                        i'm trying now the next: adding subnets.
                        since i'm from europe, only ripe ranges are interesting through u need low latency in gaming (which makes it possible for me to get subnet info easily)
                        they have some REST API, u can test it here:
                        http://lab.db.ripe.net/whois/search?source=ripe&query-string=83.141.4.230
                        a friend already helped out with a little PHP script that can translate an ip range from ripe style (like peer2guardian "1.2.3.4 - 2.3.4.5") to CIDR notation. (is attached for those who like...)
                        Here u can test urself...
                        http://www.dswp.de/IPRangeConvert.php?ip=83.141.4.230 (if no IP is passed, it will take ur ClientIP...)
                        Now i would like to add this functionality to easyrule.php
                        Do u have any suggestions for me?

                        IPRangeConvert.php.txt

                        1 Reply Last reply Reply Quote 0
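
An added example, not the attached IPRangeConvert.php and not pfSense code: the range-to-CIDR step described in the post above, in POSIX shell, with a guard that refuses to emit a block broader than a chosen prefix length, since a whois range can cover a whole provider allocation. The function names, the default limit of /16 and the sample range are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): "first - last" range to a minimal
# CIDR list, refusing any block broader than a chosen prefix length.

# Dotted quad -> integer; fails on anything but four octets 0..255.
ip2int() (
    case "$1" in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in ''|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidr "A - B" [min_prefix]: prints one CIDR per line.
# Exit 1 = malformed range, exit 2 = a block would be broader than /min_prefix.
range_to_cidr() (
    min_prefix=${2:-16}     # assumed policy limit, not a value from the thread
    start=$(ip2int "${1%% *}") && end=$(ip2int "${1##* }") || exit 1
    [ "$start" -le "$end" ] || exit 1
    out=""
    while [ "$start" -le "$end" ]; do
        size=1; prefix=32
        # Double the block while it stays aligned and inside the range.
        while [ "$prefix" -gt 0 ] &&
              [ $(( start % (size * 2) )) -eq 0 ] &&
              [ $(( start + size * 2 - 1 )) -le "$end" ]; do
            size=$(( size * 2 )); prefix=$(( prefix - 1 ))
        done
        [ "$prefix" -ge "$min_prefix" ] || exit 2
        out="$out$(int2ip "$start")/$prefix
"
        start=$(( start + size ))
    done
    printf '%s' "$out"      # nothing is printed unless every block passed
)

# Constructed sample range (not a real whois result).
range_to_cidr "83.141.4.0 - 83.141.5.255"
```
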
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.