<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
After a bit more research on Centos 6.2, it turns out that (for this
distribution) the --reap option <b>is not in the kernel</b><i>. </i>What
that means is that <i>even if you update iptables </i>to 1.4.13 as
described below, all you will end up with is the iptables module no
longer complaining about the --reap option, but due to the kernel,
the --reap option NOT working.<br>
<br>
If you do a "listgame.sh" on the server rules, if you are running
Centos 6.2 you will notice that players that are no longer collected
stay in the list until the game rules are reset with a
"unprotectgame.sh" followed by a "protectgame.sh", or when the
server is physically rebooted. With the standard Centos 6.2 kernel
there is no other option. That's what the --reap parameter did for
you, and that is expire the whitelisted players after they have quit
playing on the server for a while.<br>
<br>
It's interesting to note that Centos 6.2 uses the 2.6.32-220 kernel,
while Ubuntu 10.10 server uses 2.6.32-305. Ubuntu Server 10.10 does
indeed work properly with --reap, so my guess is that Centos is just
way behind in its kernel updates.<br>
<br>
The solution for those of you using Centos 6.2 is at sometime
(perhaps overnight) run the script to unprotect the game server,
followed by the script to re-protect it to clear the whitelisted
players. Just make sure that is done when nobody is currently
playing on the server, or when you re-protect the server everyone
will lag out and have to reconnect.<br>
<br>
For anyone who updates their kernel sucessfully so --reap works,
forward along the steps you took so everyone else can benefit. At
this point I'm not going to try it myself due to time constraints.<br>
<br>
Thanks,<br>
<br>
<i>Boyd</i><br>
<div class="moz-signature"><i><font size="-1">__________________________________<br>
Boyd G. Gafford Ph.D.<br>
Manager of Software Development<br>
Westport Research Associates Inc.<br>
7001 Blue Ridge Blvd<br>
Raytown, MO 64133<br>
(816) 358-8990<br>
<a class="moz-txt-link-abbreviated" href="mailto:drboyd@westportresearch.com">drboyd@westportresearch.com</a><br>
</font></i><br>
</div>
<br>
On 04/20/2012 09:40 AM, Boyd G. Gafford Ph.D. wrote:
<blockquote cite="mid:4F91757A.3050905@westportresearch.com"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
Just a note about using the protection scripts under some Linux
distributions (especially older ones). The protection scripts use
the recent iptables module with the --reap parameter in order to
expire whitelisted players that have quit playing on the server.
You really need this in order for the scripts to work.<br>
<br>
Escaped Turkey first reported this with Centos 6.2, so I installed
this distribution on a VPS and verified it. If you are using
another flavor of Linux, you can check to see if the --reap
parameter is already supported by doing a:<br>
<tt><br>
main iptables</tt><br>
<br>
followed by<br>
<br>
<tt>/--reap[enter]</tt><br>
<br>
If you see "pattern not found", then you don't have an iptables
that supports the --reap option, and need to update your
iptables. If your cursor lands on the option, then are are
already good to go.<br>
<br>
<b>In the case of most older Linux distributions, try updating
them via the normal update process for the distribution first.
This usually gets you a newer iptables from the distribution's
repository, which works nearly all of the time.</b><br>
<br>
However Centos 6.2 is a recent distribution, but for some reason
--reap doesn't work. So the best option is to update iptables to
the latest. Here's how I did it (from root). First off, if you
don't have gcc or make installed, you need to do that first:<br>
<br>
<tt># yum install gcc<br>
# yum install make</tt><br>
<br>
Now just do the following, which downloads the latest iptables
source, builds it and makes it active.<br>
<br>
<tt># cd /root<br>
# wget <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="http://www.netfilter.org/projects/iptables/files/iptables-1.4.13.tar.bz2">www.netfilter.org/projects/iptables/files/iptables-1.4.13.tar.bz2</a><br>
# tar -jxvf iptables-1.4.13.tar.bz2<br>
# cd iptables-1.4.13<br>
# ./configure<br>
# make<br>
# make install<br>
# cp /usr/local/sbin/xtables-multi /sbin/iptables-multi</tt><br>
<br>
And you are done! Now your iptables module is updated to 1.4.13,
complete with --reap option for the dynamic expiration of
whitelisted players.<br>
<br>
And of course the process here is very similar if you have other
distributions.<br>
<br>
Good luck,<br>
<br>
<i> Boyd</i><br>
<div class="moz-signature"><br>
<i><font size="-1">__________________________________<br>
Boyd G. Gafford Ph.D.<br>
Manager of Software Development<br>
Westport Research Associates Inc.<br>
7001 Blue Ridge Blvd<br>
Raytown, MO 64133<br>
(816) 358-8990<br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:drboyd@westportresearch.com">drboyd@westportresearch.com</a><br>
</font></i><br>
</div>
</blockquote>
</body>
</html>