Nutty_101 0 Posted October 23, 2007 I need some admins to give me input on how to config the firewall for you guys. What do you want to see? I am offering the ability to define rules by. Source IP,NetMask,Port/Port Range Destination IP,NetMask,Port/Port-Range Proto: Icmp, Tcp, Udp (Working on supporting IGMP as well) Direction: In/Out/Both Schedule: so you can say when to start and how long. Once: True/False (Removed from db/mem once done) Description: Text description. The config files are XML and any rules inside them are perm until you remove. They do offer schedules though. The DB and memory resident rules can be dropped at will or set to expire. The firewall also supports inclusion/exclusion (Block everything by default or Block based on rules). Example config file can be located here (Firewall Sample Config) So my real question is, what am I missing that you would want as well? Please let me know as I am more than willing to implement items (mac addr is not one sorry ) Share this post Link to post Share on other sites
Nutty_101 0 Posted October 24, 2007 Forgot to add, i made it simple and it binds to all interfaces that are non loopback or wan. I could make it where you could choose the interface if requested just don't know if anyone really cares since arma only binds to the default as far as i know. Share this post Link to post Share on other sites
Auss 208 Posted October 24, 2007 There is already an excellent product that does all of the above, and its freeware. Its called GHostwall. One of the best little firewalls apps around, I would suggest all server admins take a close look at it. I have been using it for approx 6 months. Highly recomend it, It shows the county of where all IP's are coming from which is good for blocking specific IP ranges, Its can be customised to suit exactly what you need it to block/allow. Share this post Link to post Share on other sites
sickboy 13 Posted October 24, 2007 All that would be important imho is a general group of admins that maintains blacklists, and these should be importable and even an automatic update in the program would be great. Even if sometimes there will be proper players banned, reading the public-server threads; Better 1-2 proper players out, instead of 200 assholes in I would say If Ghostwall or other programs can do such things then I wouldnt bother writing Nutty... but if they don't then Share this post Link to post Share on other sites
Auss 208 Posted October 24, 2007 The only thing ghostwall wont do is scheduling of tasks. I'd like to see a facility to autoblock based upon preset rules, also after a preset time it will unblock the player Share this post Link to post Share on other sites
Nutty_101 0 Posted October 24, 2007 This one is integrated into the panel system. So the packet sniffer system will be able to auto firewall off users who it detects issuing commands we don't want. Aka if someone sends a script with disable input or creates some lgb's it will be sent a command from the other plugin to firewall off the user. We will also be able to issue ban requests from the scripts inside Arma as well. It also uses any basic SQL compliant data base. So people who are running multi servers could have a central database and let it firewall off users caught on one server and that will flow to other servers as well. Hope that makes sense what the reason for this one is. The only reason it was created is for blocking access to the server via scripts and cheaters. Just adding other item's for people who could use a simple method to block other ports. Share this post Link to post Share on other sites
rundll.exe 12 Posted October 24, 2007 The first thing will be really usefull. Also if there is an option to share the banlist it would be even better. Share this post Link to post Share on other sites
Dwarden 1125 Posted October 24, 2007 The first thing will be really usefull. Also if there is an option to share the banlist it would be even better. it's sql compatible so any export is just matter of will ... Share this post Link to post Share on other sites
