[Alpha-Slayer (old)]

Call me a noob, but with the banlist being so crucial to the game, why do we have to wait for a major release to get it fixed?
Why can't we just fix it with a quick patch that only fixes the banlist problem?

I know these things take time, but this is important to the health of the game. Just a question.

[Woekele]

I agree with you. I admit we should have released a small fix a long time ago.

Now that it has taken so long though, we better wait a little longer for the rest of the changes.

[6th|illogical]

Any server running on GNU/Linux can use iptables to block a specific IP address from their server...

iptables -I INPUT 1 -p udp -s <IP TO BLOCK> --dport <PORT OF YOUR URT SERVER> -j DROP

This is a temporary solution, but a solution none the less.

[Woekele]

Do I need root for that, usually?

[AKGRIZZLY (old)]

Hrm I 'm curious about that too, since our server is a linux rig and it's a paid host, is that even worth the effort to fix for the interim between now and the next point release?

[mitsubishi]

it should be controllable by policies, possibly even with a permissions change on the file /sbin/iptables.

[6th|illogical]

Typically you do need root to do it, and personally I would never set the SETUID sticky bit on it so people other than root could use it.  Reason for that, any user could lock everyone out of the server (not good) with a mistyped command.  So then I guess it's really only a solution for people who have their own servers :-

[mitsubishi]

i was thinking those 'alternative security schemes' recently in the kernel may do it.

of course, there could be always a frontend to iptables managing it. e.g. allowing a user to only ban ips not in a a certain range. still important but something like a demi-root.

[6th|illogical]

That's a possibility...

[6th|illogical]

I'm working on a C "wrapper" for iptables that will only allow certain actions on a single table, closing any security issues.