<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hello,<br>
<br>
Is there any updated script? Because it seems that the script is
not working enough any more. Now they can again flood over COD2
and COD4 servers UDP port.<br>
<br>
<pre class="moz-signature" cols="72">Andrej
+386 31 247 707
<a class="moz-txt-link-abbreviated" href="mailto:aparovel@gmail.com">aparovel@gmail.com</a></pre>
On 23.4.2012 17:09, Boyd G. Gafford Ph.D. wrote:<br>
</div>
<blockquote cite="mid:4F9570B7.70502@westportresearch.com"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
After a bit more research on Centos 6.2, it turns out that (for
this distribution) the --reap option <b>is not in the kernel</b><i>.
</i>What that means is that <i>even if you update iptables </i>to
1.4.13 as described below, all you will end up with is the
iptables module no longer complaining about the --reap option, but
due to the kernel, the --reap option NOT working.<br>
<br>
If you do a "listgame.sh" on the server rules, if you are running
Centos 6.2 you will notice that players that are no longer
collected stay in the list until the game rules are reset with a
"unprotectgame.sh" followed by a "protectgame.sh", or when the
server is physically rebooted. With the standard Centos 6.2
kernel there is no other option. That's what the --reap parameter
did for you, and that is expire the whitelisted players after they
have quit playing on the server for a while.<br>
<br>
It's interesting to note that Centos 6.2 uses the 2.6.32-220
kernel, while Ubuntu 10.10 server uses 2.6.32-305. Ubuntu Server
10.10 does indeed work properly with --reap, so my guess is that
Centos is just way behind in its kernel updates.<br>
<br>
The solution for those of you using Centos 6.2 is at sometime
(perhaps overnight) run the script to unprotect the game server,
followed by the script to re-protect it to clear the whitelisted
players. Just make sure that is done when nobody is currently
playing on the server, or when you re-protect the server everyone
will lag out and have to reconnect.<br>
<br>
For anyone who updates their kernel sucessfully so --reap works,
forward along the steps you took so everyone else can benefit. At
this point I'm not going to try it myself due to time constraints.<br>
<br>
Thanks,<br>
<br>
<i>Boyd</i><br>
<div class="moz-signature"><i><font size="-1">__________________________________<br>
Boyd G. Gafford Ph.D.<br>
Manager of Software Development<br>
Westport Research Associates Inc.<br>
7001 Blue Ridge Blvd<br>
Raytown, MO 64133<br>
(816) 358-8990<br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:drboyd@westportresearch.com">drboyd@westportresearch.com</a><br>
</font></i><br>
</div>
<br>
On 04/20/2012 09:40 AM, Boyd G. Gafford Ph.D. wrote:
<blockquote cite="mid:4F91757A.3050905@westportresearch.com"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
Just a note about using the protection scripts under some Linux
distributions (especially older ones). The protection scripts
use the recent iptables module with the --reap parameter in
order to expire whitelisted players that have quit playing on
the server. You really need this in order for the scripts to
work.<br>
<br>
Escaped Turkey first reported this with Centos 6.2, so I
installed this distribution on a VPS and verified it. If you
are using another flavor of Linux, you can check to see if the
--reap parameter is already supported by doing a:<br>
<tt><br>
main iptables</tt><br>
<br>
followed by<br>
<br>
<tt>/--reap[enter]</tt><br>
<br>
If you see "pattern not found", then you don't have an iptables
that supports the --reap option, and need to update your
iptables. If your cursor lands on the option, then are are
already good to go.<br>
<br>
<b>In the case of most older Linux distributions, try updating
them via the normal update process for the distribution
first. This usually gets you a newer iptables from the
distribution's repository, which works nearly all of the time.</b><br>
<br>
However Centos 6.2 is a recent distribution, but for some reason
--reap doesn't work. So the best option is to update iptables
to the latest. Here's how I did it (from root). First off, if
you don't have gcc or make installed, you need to do that first:<br>
<br>
<tt># yum install gcc<br>
# yum install make</tt><br>
<br>
Now just do the following, which downloads the latest iptables
source, builds it and makes it active.<br>
<br>
<tt># cd /root<br>
# wget <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="http://www.netfilter.org/projects/iptables/files/iptables-1.4.13.tar.bz2">www.netfilter.org/projects/iptables/files/iptables-1.4.13.tar.bz2</a><br>
# tar -jxvf iptables-1.4.13.tar.bz2<br>
# cd iptables-1.4.13<br>
# ./configure<br>
# make<br>
# make install<br>
# cp /usr/local/sbin/xtables-multi /sbin/iptables-multi</tt><br>
<br>
And you are done! Now your iptables module is updated to
1.4.13, complete with --reap option for the dynamic expiration
of whitelisted players.<br>
<br>
And of course the process here is very similar if you have other
distributions.<br>
<br>
Good luck,<br>
<br>
<i> Boyd</i><br>
<div class="moz-signature"><br>
<i><font size="-1">__________________________________<br>
Boyd G. Gafford Ph.D.<br>
Manager of Software Development<br>
Westport Research Associates Inc.<br>
7001 Blue Ridge Blvd<br>
Raytown, MO 64133<br>
(816) 358-8990<br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:drboyd@westportresearch.com">drboyd@westportresearch.com</a><br>
</font></i><br>
</div>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
cod mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<br>
</body>
</html>