[cod] Updating iptables if you don't have the --reap option of the recent module

Andrej Parovel aparovel at gmail.com
Fri Jun 28 09:40:45 EDT 2013 

Hello,

Is there any updated script? Because it seems that the script is not 
working enough any more. Now they can again flood over COD2 and COD4 
servers UDP port.

Andrej

+386 31 247 707
aparovel at gmail.com

On 23.4.2012 17:09, Boyd G. Gafford Ph.D. wrote:
> After a bit more research on Centos 6.2, it turns out that (for this 
> distribution) the --reap option *is not in the kernel*/. /What that 
> means is that /even if you update iptables /to 1.4.13 as described 
> below, all you will end up with is the iptables module no longer 
> complaining about the --reap option, but due to the kernel, the --reap 
> option NOT working.
>
> If you do a "listgame.sh" on the server rules, if you are running 
> Centos 6.2 you will notice that players that are no longer collected 
> stay in the list until the game rules are reset with a 
> "unprotectgame.sh" followed by a "protectgame.sh", or when the server 
> is physically rebooted.  With the standard Centos 6.2 kernel there is 
> no other option.  That's what the --reap parameter did for you, and 
> that is expire the whitelisted players after they have quit playing on 
> the server for a while.
>
> It's interesting to note that Centos 6.2 uses the 2.6.32-220 kernel, 
> while Ubuntu 10.10 server uses 2.6.32-305.  Ubuntu Server 10.10 does 
> indeed work properly with --reap, so my guess is that Centos is just 
> way behind in its kernel updates.
>
> The solution for those of you using Centos 6.2 is at sometime (perhaps 
> overnight) run the script to unprotect the game server, followed by 
> the script to re-protect it to clear the whitelisted players.  Just 
> make sure that is done when nobody is currently playing on the server, 
> or when you re-protect the server everyone will lag out and have to 
> reconnect.
>
> For anyone who updates their kernel sucessfully so --reap works, 
> forward along the steps you took so everyone else can benefit.  At 
> this point I'm not going to try it myself due to time constraints.
>
> Thanks,
>
> /Boyd/
> /__________________________________
> Boyd G. Gafford Ph.D.
> Manager of Software Development
> Westport Research Associates Inc.
> 7001 Blue Ridge Blvd
> Raytown, MO 64133
> (816) 358-8990
> drboyd at westportresearch.com
> /
>
> On 04/20/2012 09:40 AM, Boyd G. Gafford Ph.D. wrote:
>> Just a note about using the protection scripts under some Linux 
>> distributions (especially older ones).  The protection scripts use 
>> the recent iptables module with the --reap parameter in order to 
>> expire whitelisted players that have quit playing on the server.  You 
>> really need this in order for the scripts to work.
>>
>> Escaped Turkey first reported this with Centos 6.2, so I installed 
>> this distribution on a VPS and verified it.  If you are using another 
>> flavor of Linux, you can check to see if the --reap parameter is 
>> already supported by doing a:
>>
>> main iptables
>>
>> followed by
>>
>> /--reap[enter]
>>
>> If you see "pattern not found", then you don't have an iptables that 
>> supports the --reap option, and need to update your iptables.  If 
>> your cursor lands on the option, then are are already good to go.
>>
>> *In the case of most older Linux distributions, try updating them via 
>> the normal update process for the distribution first.  This usually 
>> gets you a newer iptables from the distribution's repository, which 
>> works nearly all of the time.*
>>
>> However Centos 6.2 is a recent distribution, but for some reason 
>> --reap doesn't work.  So the best option is to update iptables to the 
>> latest.  Here's how I did it (from root).  First off, if you don't 
>> have gcc or make installed, you need to do that first:
>>
>> # yum install gcc
>> # yum install make
>>
>> Now just do the following, which downloads the latest iptables 
>> source, builds it and makes it active.
>>
>> # cd /root
>> # wget www.netfilter.org/projects/iptables/files/iptables-1.4.13.tar.bz2
>> # tar -jxvf iptables-1.4.13.tar.bz2
>> # cd iptables-1.4.13
>> # ./configure
>> # make
>> # make install
>> # cp /usr/local/sbin/xtables-multi /sbin/iptables-multi
>>
>> And you are done!  Now your iptables module is updated to 1.4.13, 
>> complete with --reap option for the dynamic expiration of whitelisted 
>> players.
>>
>> And of course the process here is very similar if you have other 
>> distributions.
>>
>> Good luck,
>>
>> /  Boyd/
>>
>> /__________________________________
>> Boyd G. Gafford Ph.D.
>> Manager of Software Development
>> Westport Research Associates Inc.
>> 7001 Blue Ridge Blvd
>> Raytown, MO 64133
>> (816) 358-8990
>> drboyd at westportresearch.com
>> /
>
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20130628/acaaf231/attachment.html>

More information about the cod mailing list