Urban Terror Forums: Ban Lists via iptables, allowing non-root users to modify - Urban Terror Forums


Ban Lists via iptables, allowing non-root users to modify

#1 illogical

  •   verified user   
    Retired Master Server Administrator
  • Account: illogical
  • Main tag: 6th|
  • Country:
  • Joined: 08-March 10
  • Posts: 2,349

Posted 06 November 2007 - 02:14 PM

I know a fair portion of server administrators do not run their own server and so they do not have root access, but for those that do or can convince the server owner to install a single program...

I wrote an application that allows non-root users to very selectively modify a single iptables chain (one chain per user).  To this chain a user can add only the IP address to ignore; every other field is handled by the application.  The IP address is checked so that it only contains digits, periods, and slashes (for CIDR notation); anything else and it will quit out.

Quake 3 Tables v0.1.1 (A wrapper to allow controlled access to iptables for remedial editing of a single table):
Usage: q3tables -a <IP>    - Add an IPv4 address to the deny list
       q3tables -d <IP>    - Delete an IPv4 address from the deny list
       q3tables -f         - Flush the deny list
       q3tables -l         - List all IPv4 addresses in the deny list

This programs requires an iptables chain 'q3_filter_<UID>' to exist for each user.


Quake 3 Tables v0.1.1 #1 Tue Nov  6 05:20:27 PST 2007 (Linux cogburn.404ster.com 2.6.22-gentoo-r5 #4 SMP Mon Sep 24 00:26:22 PDT 2007 i686 Intel(R) Xeon(TM) CPU 2.40GHz GenuineIntel GNU/Linux)

Quake 3 Tables --
Copyright 2005-2007 Jeff Walter <jeff@404ster.com>

This program is free software; you can redistribute it and/or
modify it under the terms of version 2 of the GNU General
Public License as published by the Free Software Foundation


You can download the source tarball from my project page.  If you or your server owner have questions, please let me know.
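
An added example, not part of the original post and not q3tables source code: one way a privileged wrapper like the one described above can validate its single user-supplied field, using the character allowlist from the post as a first gate and then a strict IPv4/CIDR parse so that strings such as `1.2.3` or `1/2/3` never reach iptables. The function names are hypothetical, and it assumes `<UID>` in the chain name is the caller's numeric real UID.

```c
/* Added example, not q3tables source. Function names are hypothetical. */
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Accept "a.b.c.d" or "a.b.c.d/len"; on success write canonical "a.b.c.d/len". */
int parse_ipv4_cidr(const char *s, char *out, size_t outlen)
{
    char addr[INET_ADDRSTRLEN], canon[INET_ADDRSTRLEN];
    struct in_addr ip;
    long prefix = 32;                          /* bare address means a single host */
    size_t n;

    /* First gate, as in the post: digits, periods and slashes only. */
    if (s == NULL || *s == '\0' || strspn(s, "0123456789./") != strlen(s))
        return -1;
    n = strcspn(s, "/");                       /* length of the address part */
    if (n >= sizeof addr)
        return -1;
    memcpy(addr, s, n);
    addr[n] = '\0';
    if (inet_pton(AF_INET, addr, &ip) != 1)    /* rejects 1.2.3, 999.1.1.1, 1..2 */
        return -1;
    if (s[n] == '/') {
        const char *p = s + n + 1;
        char *end;
        if (*p == '\0' || strlen(p) > 2)       /* rejects "/", "/123", "/1/2" */
            return -1;
        prefix = strtol(p, &end, 10);
        if (*end != '\0' || prefix > 32)
            return -1;
    }
    if (inet_ntop(AF_INET, &ip, canon, sizeof canon) == NULL)
        return -1;
    n = (size_t)snprintf(out, outlen, "%s/%ld", canon, prefix);
    return n < outlen ? 0 : -1;
}

/* Assumption: the chain is derived from the caller's real UID (getuid()),
 * never from anything the user typed. */
int chain_for_uid(uid_t uid, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "q3_filter_%lu", (unsigned long)uid);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}
```

The validated string and the chain name would then be passed to iptables as separate argv elements through `execv`, not through a shell command line.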

#2 AKGRIZZLY (old)

  • Joined: 07-May 06
  • Posts: 4,898
  • Location: Alaska

Posted 07 November 2007 - 12:33 AM

Sweet, I won't get to use it anytime soon, and I'd prolly noob it up then, but sweet nonetheless.

#3 Woekele

  •   former FS member   
    Public Relations
  • Account: woekele
  • Country:
  • Joined: 26-January 10
  • Posts: 11,575

Posted 07 November 2007 - 12:50 AM

You do need ssh access to your box and someone with root who wants to install. But once that's done, this is very handy indeed!

#4 Csan (old)

  • Joined: 08-February 04
  • Posts: 629
  • Location: Budapest

Posted 07 November 2007 - 05:31 AM

A suggestion without checking the code if it's already implemented: check for and deny any local IPs (localhost, ethX, etc)

n1, gj illogical :)
thx

#5 illogical

  •   verified user   
    Retired Master Server Administrator
  • Account: illogical
  • Main tag: 6th|
  • Country:
  • Joined: 08-March 10
  • Posts: 2,349

Posted 07 November 2007 - 07:08 AM

Quote

A suggestion without checking the code if it's already implemented: check for and deny any local IPs (localhost, ethX, etc)

n1, gj illogical :)
thx


None of those could actually cause issues, thus why I didn't code any checks.  And thanks :-)



Copyright © 1999-2024 Frozensand Games Limited  |  All rights reserved  |  Urban Terror™ and FrozenSand™ are trademarks of Frozensand Games Limited

Frozensand Games is a Limited company registered in England and Wales. Company Reg No: 10343942