PDA

View Full Version : DogMeat's Banning guide for servers


rudedog
02-25-2005, 09:34 PM
DogMeat's Banning Guide for Servers

QuickList:

1) Make a ban.bat file using template below.

2) Ban single IP format:
route add (destination 172.134.100.80) mask 255.255.255.255 (gateway 192.168.0.1) [-p]

3) Ban range of IPs:
route add (destination 172.134.100.1) mask 255.255.255.0 (gateway 192.168.0.1) [-p]

4) Make an entry in the ban.bat file for each person to ban, using cut and paste method is easiest.

Overview:

The command-line program ROUTE is used to manually view/adjust the paths (routes) network packets take to get from your machine to the Internet and/or your LAN. Windows does a great job of automatically setting up your network routes for you, but we want to add some special ones for the umm.. special people!

The DOS Command:

Real quick I want to go over the command line syntax you have to use, with an example:

route add (destination) mask 255.255.255.255 (gateway) [-p]
route add 134.220.78.103 mask 255.255.255.255 192.168.0.1 -p

Your manually adding a route to the person you want to ban (destination), the "mask 255.255.255.255" means only ban that single IP, and the path to use (gateway) should be an address on the local machine. The -p option does NOT work on Win98, on NT/XP it means to make the route permanent so that it stays after a reboot and you don't have to run ban.bat each reboot.

How the Ban Works:

Since the gateway address is on the local machine, your computer thinks any packets for the banned address have already reached their destination, instead of sending them out over your Internet connection. If the player is still connected when you ban him, his ping jumps to 9999 but he can still use chat. (the chat packets are incoming) Either he will disconnect and try to reconnect, or you can kick him; either way he can never connect to your server again since he will never get any packets from you!

How to Ban:

Create a new text document called BAN.BAT on your desktop, you can move it later if you wish. You can get the IP to add from the console using the "RCON STATUS" command, see Bull's RCON guide (http://www.alliedassault.com/community/guides/bull) on AlliedAssault.com for more info if needed. Here's the format of an example BAN.BAT for you. Simply edit the file, copy and paste the line after rem and replace "ban" with the IP of the person to ban. The mask 255.255.255.255 means ban only that one single IP. Be sure and change the 192.168.0.1 to an address on your local machine! Then save/close the file and run it, you'll see the "Banning: PlayerName You Entered" scroll on by, then it pauses until you hit a key. Then it will show you a screen printout of the route table and pause, exiting once you hit a key. You can run this at the same time the server is running and the ban will take effect immediately, you do NOT need to restart the server or reboot the computer.

@echo off
rem echo Banning:
rem route add ban mask 255.255.255.255 192.168.0.1

echo Banning: You'll Never Get Rid of Me
route add -p 134.220.78.103 mask 255.255.255.255 192.168.0.1

pause
route print
pause

The pauses and route print at the end of the batch file simply show the actual Windows routing table. You will see many entries in there that are default, and of course you will see entries from your ban.bat file. This information is for reference only, mostly so you can get quick confirmation that your new entries are in the table if you wish to inspect it. You can remove the pauses and run this ban.bat on startup if you wish. Also you can run this batch file over and over again with the same "old" entries, since a duplicate entry simply overwrites itself instead of making a new one.

When to Change the Mask:

If someone is continually coming back with a new IP, you can adjust the mask in order to ban a range of addresses. Most commonly you'll see the last set of numbers in their IP change, for example he connects with these new IP's:
134.220.78.10
134.220.78.221
134.220.78.97
I would then adjust the "mask 255.255.255.255" to read "mask 255.255.255.0", which applys a wider filter to the range of IPs it sends to nowhere, basically a range of almost 255 possible Internet IPs. Occasionally you will see the third set change also, for example some providers have large ranges assigned to cable modems in major cities, and while I do NOT recommend it, in those cases you can go to "mask 255.255.0.0" to cover the changing third set. However you just cut off access to a wider range of their customers with the less restrictive mask, about 65,000 possible Internet addresses! It's very rare to see the first and/or second set change for a single user, unless they have two Internet providers or are signing on from work and home for example. See the note below about NOT using a mask of 0.0.0.0 or 255.0.0.0!

Win9x/ME versus NT/2K/XP:

The main issue here is that custom permanent routes simply are not an option on Win9x, and if you use the -p option it will return an error if used. This means that on Win9x these bans are cleared after each reboot. I don't know about ME but on NT/2K/XP the -p option works just fine due to better networking support. You can manually run it before starting your server or remove the pause lines and add a shortcut to the ban.bat file in your Windows startup folder so it runs after each boot. You can also not use the -p option on NT/2K/XP and run the ban.bat like you would on Win9x.

What Not To Do:

The major issue with manually adjusting your routing table is not to screw around with the mask unless you really know what your doing. Remember when using different masks, you are making it so your computer cannot send packets to parts of the Internet. The larger range in your filter the larger chance that you will cut off access to legitimate sites that you may visit. Stick with 255.255.255.255 when at all possible! Do NOT use 255.0.0.0 or you will be cutting off any type of access for you to reach huge chunks of the Internet, perhaps even an entire country! Do NOT use a mask of 0.0.0.0 since it means every computer IP address possible is routed to your local machine, and thus any network traffic goes nowhere. That is why in your routing table the default entry to address 0.0.0.0 with a mask of 0.0.0.0 is pointing to a gateway off your machine, most likely to the next server or network router in the connection that you use to reach the internet. Once again, stick with a mask of 255.255.255.255 when at all possible, and 255.255.255.0 only in rare special cases to cover a changing IP.

How to UnBan:

This is slightly different for Win9x since routes are not permanent, or if you have chosen not to use the -p permanent route option on NT/2K/XP.

Win9x/No Permanent:
Open your ban.bat and find the entry for the person to unban and either put a "rem" before their lines or delete their entry. Save and exit then reboot the computer and run ban.bat as you normally would.

NT/2K/XP with Permanent:
Open your ban.bat and find the entry for the person to unban, you need their IP. Open a DOS Command prompt and use the format:
route delete (destination)
route delete 134.220.78.103
This will remove the entry from the table. Close the DOS box and go back to our edit of the ban.bat file and either put a "rem" before their lines or delete their entry. Save and exit then reboot the computer and run ban.bat as you normally would.

Updates:

Changed formatting for better readability and section breakdown. Some editting to flesh out the new sections as well as to more clearly explain masks, possible problems and permanent routes vs just batch file. Also unban section added.

Usage:

This guide may be used on any website as long as my name and website remain on it.

DogMeat

Ric-Soft
05-18-2005, 04:49 PM
Hello,

I'm a server hoster from 1.00 medal of honor. And I have a lot of buggers where i can't get rid of. I run Autokick, but even that options doesn't seem to work very good for our version. My question is; Does this method work for 1.00 as well?

Greets Ric-Soft :p

Ric-Soft
05-18-2005, 08:51 PM
sorry i found it out already before la familia comes and feck me up here about the silly post above :P

LaFam
05-18-2005, 08:59 PM
Well yeah Ric, what an ermm stupid post...but it came from you off course :p
Anyways...thx for this great proggie...luvvvvvvvvvvvv it....
Ric it works for all games i guess :rolleyes: :D

Ric-Soft
05-18-2005, 09:04 PM
you see that's what i meant :P

constantine
04-07-2007, 04:29 PM
Hello! To begin with I am apologizing that I am writing in the inapt theme but I don't know what I cannot create the new subject for: /

I am coming from Poland and I am putting public and private servers on the dedicated server (LINUX) and somebody is eating for me eternally crash. I charged from your mod/program page 'upload-1165083527-mohaapatch' I can install on windows and is he acting but I don't know how I can put it in on LINUX? (it is dedicated server). I am asking for a prompt reply and concise, announced best for precisely English pure vodkas in points what I am supposed to do for the turn to install. He is thanking for help from above and I am greeting!

GaSplat
04-07-2007, 04:46 PM
To start, you want the latest versions which are available many places. You can find these in the downloads section, look for the Linux server file under Allied Assault or Spearhead depending on which game you are running. There is no Breakthrough for Linux :o

As to other patches, some can be applied just by copying over some of the pk3 files - especially the map fixes. Not sure specifically what you are after.

constantine
04-07-2007, 04:53 PM
I don't know whether I understood well since it is at me heavily with English; /:) (Medal of Honor: Allied Assault 1.11 LINUX server) could you lead me to some good patches under linux? I am already looking 3 day of good patches among others to the program 'FILL' where you are giving to only IP and PORT in order to CRASH server.

rudedog
04-07-2007, 05:01 PM
Before using the latest linux bins (for your linux server)
http://www.fpsadmin.com/download/details.php?file=76

You need to install MOHAA and patch it , then upload the MOHAA files to your linux server , then apply the patch linked above.

constantine
04-07-2007, 05:05 PM
oK, probably I already know what he walks for. So:
1. He is installing mohaa
2. A 1.0 patch is 1.11
3. I am doing small patches
4. I am sending to the server
5. I am launching.

And whether he will be acting when I send only modified files? Since it has everything 500mb but I have the 125kb Internet; / in the end Poland; /

$or
07-22-2008, 09:57 AM
Hello, I have a couple of questions.
First, since I need to enter my local machine's IP address, I guess I have to run the file on my PC and It will only work when my pc is running, but my server is on another machine. So can I put the bat file in my server's machine, add some exec line somewhere and it will work?


Second, to add more IP's do I have to add these lines:
"echo Banning:
route add (Ip of banned) mask 255.255.255.255 (IP of server)"
Or just this one:
"route add (Ip of banned) mask 255.255.255.255 (IP of server)"


Third,
...The -p option does NOT work on Win98, on NT/XP...
...but on NT/2K/XP the -p option works just fine...
Does the -p option work in XP or not?




Thanks in Advance

$or

OldDog
07-22-2008, 12:53 PM
Does the -p option work in XP or not?




Thanks in Advance

$or
The -p works in XP.

$or
07-23-2008, 10:35 AM
The -p works in XP.
Oh yes, it's really useful!

Someone have an answer to my other questions?

OldDog
07-23-2008, 11:00 AM
Second, to add more IP's do I have to add these lines:
"echo Banning:
route add (Ip of banned) mask 255.255.255.255 (IP of server)"
Or just this one:
"route add (Ip of banned) mask 255.255.255.255 (IP of server)"
$or
Just the last line...unless you want to see each player noted as the commands execute.

$or
07-24-2008, 05:28 AM
Ok thanks, but about the local machine problem I stated above, was it RudeDogs point of the script to be executed on your PC alone whenever it's on or did he also mean executing it on a gameserver you pay for?

I guess what I'm saying is, can it be run on my server 24/7, when I add
exec BAN.bat
to the server.cfg (or when I do that, must it be a BAN.scr file?)
And adding that file to my server's main folder. My server is also 24/7 online.

Or isn't it all that simple?

OldDog
07-24-2008, 07:03 AM
Ok thanks, but about the local machine problem I stated above, was it RudeDogs point of the script to be executed on your PC alone whenever it's on or did he also mean executing it on a gameserver you pay for?

I guess what I'm saying is, can it be run on my server 24/7, when I add
exec BAN.bat
to the server.cfg (or when I do that, must it be a BAN.scr file?)
And adding that file to my server's main folder. My server is also 24/7 online.

Or isn't it all that simple?
Um, I think you've missed the point. BAN.BAT is not executed from your server.cfg, or anything to do with the game itself. It is executed on a Windows-based game server using the command prompt. There is no, nor can there be any such thing as "exec ban.bat" ... you have to log on to your Windows game server (whatever flavor of Windows), open a command prompt, and execute BAN.BAT. What this procedure does is to screw up the offender's internet connection by routing his IP address into the ozone. It's a TCP/IP trick, not a game feature.

GaSplat
07-24-2008, 06:50 PM
If you have the permissions, add it to your starup files so if the server reboots you don't have to go to start it manually.

Ric-Soft
07-24-2008, 08:31 PM
it's a bat file wich gives your networkcard the order to ban those ip's
It's not working for your server on a distance.
If you install this batfile on your server computer than it will also work for your server on distance. Mainly it's to instruct your networkcard to ban buggers!
Be careful to ban range of ip's because it means that you also ban people with almost simular ip's.

greets Soft

MajorWoody
07-24-2008, 09:57 PM
Here's something *much* simpler: http://phoenixlabs.org/pglite/

I started using this system when my routing table became gigantic and was effecting performance. I even rigged up a way to store the ban file in a central location and update every night on all my servers (back when i was a GSP). If someone need help doing that (only if you have multiple boxes and want to share the banlist between them) let me know and i'll write it up.

Download, unzip to C:\IPBAN (or some other name of your choosing).

Create a text file "guarding.p2p" enter bans like so in the text file:
Sample single ip ban:12.34.56.78-12.34.56.78
Sample subnet ban:34.56.78.1-34.56.78.255

So the file has a description (which is very handy) and a range of IPs. Single ips go in as a range as well, but just repeat the ip twice. Spacing matters if i remember right, so use my sample above and you'll be golden.

Save the text file and fire up pglite.exe. Right click on the system tray icon and make sure it's Enabled.

Create a shortcut to pglite.exe and drop it in your Startup folder and it'll load everytime to you reboot.

$or
07-25-2008, 06:01 AM
Wow, thanks Woody.

But this will only ban people when my pc is on?

OldDog
07-25-2008, 07:49 AM
Wow, thanks Woody.

But this will only ban people when my pc is on?
Uh, again, these procedures run on the SERVER, not on your PC...unless they are the same.

And, to be precise, you're not telling your network card to "ban" anything, you're telling the TCP/IP stack to route specific addresses away from your server (with the BAN.BAT method, that is).

Woody has a good point about the routing table, though...if you have a lot of addresses you want to ban, then pglite (or, it's larger brother Peer Guardian 2, and I believe there's a 3 now) is the way to go. The PG series uses very little cpu.

$or
07-25-2008, 08:09 PM
Okay thanks guys :)