RunUO Community


Firewalling IP Ranges


I don't think you can do this in RunUO 1.0, but I think the RunUO team should include a way to firewall IP ranges in their next release.
 

Malaperth

Wanderer
Depends on what you mean by "ranges". The problem is that all the definitions of ranges I can think of can be firewalled using wildcards (as in firewall 192.168.*.* for example, and possibly even down to as fine as firewall 192.168.??1.1??, but not sure of that part). The larger issue is that you can actually easily (accidentally or on purpose) firewall entire countries that way.

Maybe I don't understand what you need, but there is no sure/safe way to firewall anyone if they really want to get on without firewalling hundreds and/or thousands of people at the same time.
 

Livewire

Wanderer
I think he means the ability to firewall ranges like this:

192.168.1.1 through 192.168.1.100, inclusive

Would only block 100 IPs, but 192.168.1.101 could connect. There might be a few tricks you could do as far as using several filters to get the same effect, but my guess is this is what he meant by range.

As far as adding it goes, not positive it's a coremod (check the scripts/accounting folder, there's firewall and iplimiter files in there), but I'd still like to see it. Not gunna hurt if they aren't put in though, I've been blocking IP ranges at the router if need be. Thankfully, only had to block one guy that way so far (kind of a pain to set it up, but then again they're blocked from the network, not just UO :))
 

RunUO2874

Wanderer
You can specify wildcard addresses. RunUO currently supports wildcards * and ?.

The easiest way to support IP ranges is actually with a mod of Core\Utility.cs:IPMatch, however you can do it by parsing the string in Scripts\Accounting\Firewall.cs:IsBlocked and looping through each one.

Actually, you could just rip IPMatch from Utility.cs, put it somewhere in Firewall.cs, and make it handle ranges there. Not a very nice way to do it, but might work.
 

Aenima

Wanderer
What I mean by wildcard address is as that used in router ACLs - a bitwise address, where 1 = wildcard and 0 = static.

For instance, a class B wildcard would be something like adding the IP address 172.16.0.0 and specifying a mask of 0.0.255.255, instead of what we currently have - 172.16.*.
 

PappaSmurf

Knight
There is a major drawback to this though.....let's say you have a family that is playing on a server from multiple PCs all hooked through the same router....by banning a range you've banned that entire family for one jerk...

If a family has Mom Dad You Sister Brother all playing that's 5 people you kicked just cause one was disruptive.
 

daat99

Moderator
Staff member
PappaSmurf said:
There is a major drawback to this though.....let's say you have a family that is playing on a server from multiple PCs all hooked through the same router....by banning a range you've banned that entire family for one jerk...

If a family has Mom Dad You Sister Brother all playing that's 5 people you kicked just cause one was disruptive.
In this situation the family authority figure will most likely contact the admin to ask why they all got banned and deal with the "jerk" so he won't be a "jerk" anymore in order for the ban to be lifted.

Think about it for a sec, if you were in that family and you were the "jerk" then your sister, brother, mother and father will be breathing down your neck to stop being a "jerk" and if you continue then it'll be safe to assume you won't have a computer to be a "jerk" with anymore MUAHAHAHAH.

Keep in mind that every ban can be lifted by the admin and every half decent admin has his email (or at least the shard email) on his website for people to contact for situations like this (among others).
 

PappaSmurf

Knight
daat99 said:
In this situation the family authority figure will most likely contact the admin to ask why they all got banned and deal with the "jerk" so he won't be a "jerk" anymore in order for the ban to be lifted.

Think about it for a sec, if you were in that family and you were the "jerk" then your sister, brother, mother and father will be breathing down your neck to stop being a "jerk" and if you continue then it'll be safe to assume you won't have a computer to be a "jerk" with anymore MUAHAHAHAH.

Keep in mind that every ban can be lifted by the admin and every half decent admin has his email (or at least the shard email) on his website for people to contact for situations like this (among others).

This is very true, I didn't think about it at the time. And if I'm not mistaken you have to have contact info on your shard's website to be listed on UOG.
 

daat99

Moderator
Staff member
PappaSmurf said:
This is very true, I didn't think about it at the time. And if I'm not mistaken you have to have contact info on your shard's website to be listed on UOG.
No idea about that, I only do scripts :)
 

PappaSmurf

Knight
daat99 said:
No idea about that, I only do scripts :)

I've got dial-up and too many bills to finish catching up before I can pay to host a server....so yeah, I've never messed with UOG much either, at least as far as listing a server with it.

I think hosting a server on my PC would kill it anyway, there is only so much a Pent Celeron 2.2GHz running Windows XP on 256MB of RAM can do.....
 

Aenima

Wanderer
I very much doubt a family would be using more than one public IP address. The more common situation is that their router uses NAT - one public IP address and the hosts connected to it use one of the designated private IP ranges.

So, banning one IP would, in effect, ban anyone connecting through the router.
 

daat99

Moderator
Staff member
Aenima said:
I very much doubt a family would be using more than one public IP address. The more common situation is that their router uses NAT - one public IP address and the hosts connected to it use one of the designated private IP ranges.

So, banning one IP would, in effect, ban anyone connecting through the router.
And when they reconnect it's most likely they'll get another IP so no more ban for them :)
 

Kamron

Knight
I like the idea of firewalling ip ranges, or hostnames, and as a matter of fact my shard can do this already. In addition, so that you do not ban a whole country/city/etc... an exception list would be good, in order to allow people to get on through the firewalling.

This would not work for people who have proxies, play through a cyber cafe, or other such 'public' areas. Unfortunately, there is collateral damage when you ban via hostname/ip range. It is inevitable.
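
An added example, not part of the thread and not RunUO's own code: a stand-alone C# sketch of the three ideas raised above, namely an inclusive range (192.168.1.1 through 192.168.1.100), a router-ACL wildcard mask (172.16.0.0 with mask 0.0.255.255), and an exception list that overrides a block. The `IpRules` class, its method names and the rule syntax are assumptions made for illustration; it is IPv4 only.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
// Added example: hypothetical stand-alone helper, not RunUO's Firewall.cs or Utility.IPMatch.
static class IpRules
{
    // IPv4 address as a 32-bit number, first octet in the high byte.
    static uint ToUInt(string ip)
    {
        IPAddress addr = IPAddress.Parse(ip.Trim());
        if (addr.AddressFamily != AddressFamily.InterNetwork)
            throw new FormatException("IPv4 only: " + ip);
        byte[] b = addr.GetAddressBytes();
        return ((uint)b[0] << 24) | ((uint)b[1] << 16) | ((uint)b[2] << 8) | b[3];
    }

    // Assumed rule syntax: "first-last" (inclusive range), "address mask"
    // (ACL wildcard mask, 1 bits are ignored), or a single address.
    public static bool Matches(string rule, string ip)
    {
        uint value = ToUInt(ip);
        string[] range = rule.Split('-');
        if (range.Length == 2)
            return ToUInt(range[0]) <= value && value <= ToUInt(range[1]);
        string[] masked = rule.Split(' ');
        if (masked.Length == 2)
        {
            uint care = ~ToUInt(masked[1]);
            return (value & care) == (ToUInt(masked[0]) & care);
        }
        return value == ToUInt(rule);
    }

    // Exceptions are checked first, so one address can be let through a blocked range.
    public static bool IsBlocked(string ip, string[] blocked, string[] exceptions)
    {
        if (Array.Exists(exceptions, rule => Matches(rule, ip))) return false;
        return Array.Exists(blocked, rule => Matches(rule, ip));
    }

    static void Main()
    {
        // Constructed sample rules and addresses.
        string[] blocked = { "192.168.1.1-192.168.1.100", "172.16.0.0 0.0.255.255" };
        string[] exceptions = { "172.16.5.9" };
        foreach (string ip in new[] { "192.168.1.100", "192.168.1.101", "172.16.200.3", "172.16.5.9" })
            Console.WriteLine("{0} blocked={1}", ip, IsBlocked(ip, blocked, exceptions));
    }
}
```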
 

swtrse

Wanderer
There are also people who have dynamic IPs through their ISPs.

So banning IPs is a useless feature of RunUO.
Better use a real firewall with a reliable log.
Ban unwanted people from the server and in case of attacks report them to their ISPs.
 