At the moment, our CoD 4 admin team (including myself) finds the B3 RCON tool inconsistent, and it sometimes doesn't ban players correctly (the player can stay on the server). A project I've been wanting to work on includes building a web page implemented into the forums where our admins can submit IPs, and it'll ban these IPs on a firewall level using IPTables.
How The Back End Will Work
So the front end will be an IPS 4 page with a form including a small text box (for the IP) and a submit button. This is by far the easiest part of the project.
As for the back end, firstly, I will be making a custom chain via IPTables on the CoD 4 server machine:
iptables -N cod4
iptables -t filter -A INPUT -j cod4
I plan on making a database with the following structure:
- ID|int (id) - The unique ID of the row (auto-increment).
- IP|varchar (ip) - The IP address of the user. This will have a length of 11 characters or so.
- Date Added|int (dateadded) - The UNIX timestamp of when the row was added.
- Added|int (added) - 0 = Yet to be added, 1 = Added.
So, when the form is submitted, the back end script (through PHP) will enter the information into the database following the above structure. The added value will be 0 (default).
I will be creating a bash file on the CoD 4 machine that will be run every 5 minutes with a cron job. There will be a back end PHP script that retrieves all the database rows with added set to 0. It will convert the data into JSON and echo it to the page. I will also ensure the script has an IP whitelist using the $_SERVER['REMOTE_ADDR']. Anyways, the bash script will request the page and store the data from the page (the JSON data) into a variable and convert it into an array. It will loop through each array and execute the following command that'll add the IP to the cod4 IPTables chain:
iptables -I cod4 -s "$ip" -j DROP
After it adds the IP to the chain, it will request another back end PHP script (which will also be IP whitelist protected) with the blocked IP included in the POST. Once this page is requested, it will set added to 1 in the row with the blocked IP address. Basically, this will tell the back end script above that this IP was already blocked and there isn't a need to block it again.
That is basically it. I will also be adding two other functionalities including checking if an IP was blocked through the firewall and removing an IP from the blocked firewall. I will also add security checks to the IP submitted to be blocked (e.g. ensuring it's a valid IP and no malicious injection code).
This is a project moved from our old Technical Tasks database to the Projects database. Some sensitive information may have been cut out when moving to the public.
Edited by Roy
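The ban loop and the IP validation described in the post, sketched as an added example (not the project's own script). It assumes the pending-bans page returns a flat JSON array of strings; the `IPTABLES` dry-run switch, the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: the cron job's ban loop with strict validation.
# Assumption: the pending-bans endpoint returns a flat JSON array of strings.

# Dry run by default: commands are printed. Set IPTABLES=iptables to apply them.
IPTABLES=${IPTABLES:-echo iptables}

# Succeed only for a plain dotted quad: four octets, each 0-255, no leading zeros.
is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # empty, foreign chars, stray dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ????*|0?*) return 1 ;;            # over 3 digits, or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Pull every double-quoted string out of the JSON text, one per line.
extract_candidates() {
    printf '%s\n' "$1" | grep -oE '"[^"]*"' | tr -d '"'
}

# Insert a DROP rule for each valid address; log and skip everything else.
block_pending() {
    extract_candidates "$1" | while IFS= read -r ip; do
        if is_valid_ipv4 "$ip"; then
            $IPTABLES -I cod4 -s "$ip" -j DROP
        else
            printf 'rejected: %s\n' "$ip" >&2
        fi
    done
}

# Constructed sample response (documentation addresses), not real data.
SAMPLE='["203.0.113.7","198.51.100.300","192.0.2.1; echo injected","0.0.0.0/0","010.1.1.1","192.0.2.44"]'
block_pending "$SAMPLE"
```

Because only a bare dotted quad passes, a submitted value such as `0.0.0.0/0` (which would drop all traffic to the chain) or a string carrying shell metacharacters never reaches the `iptables` command line, even if the PHP-side check is bypassed.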