AntiMomentum

Updating this post to include the Rootless Docker version of nohup. Everything nohup for Wine could do now applies to rootless Docker containers! No need to even install privileged Wine to your vps or whatever (Ubuntu 20.04LTS only for now): https://github.com/antimomentum/haloce/tree/master/Docker/rootless/guided-install Also there's a new firewall. The firewall will finally allow connections the linux server initiates. This means things like apt update are now possible while the firewall is running! It's similar to what ufw does by automatically dropping non-initiated connections, but while still filtering halo packets! The firewall includes DoS protections, which includes Sappboom protection, but it is still recommended to update your halo server: https://opencarnage.net/index.php?/topic/2940-halo-custom-edition-download/ Yep. You can now have basic network functionality to the linux server beyond just for halo lmao. While having the security of an unprivileged account to run Wine. With the benefits nohup provides. The catch is Docker no longer has privileges to assign its own ports. All port assignments you see in my start/nohup start examples for rootless Docker are to align the ports for Docker not with the host too. The kernel will pick a random port in the range shown by: cat /proc/sys/net/ipv4/ip_local_port_range but as long as your ubuntu server can get packets from the natneg server (54.82.252.156, included in the WHITELIST ipset of my firewall) and the master server (which haloceded.exe will automatically reach out to) then your server should appear in the list and be joinable even if you haven't download the Docker images yet. You can get the public facing port number(s) by doing: lsof |grep vpnkit| grep UDP| grep ':' | sed 's/^.*://' Docker-compose installation has been added to the bottom of the rootless readme: https://github.com/antimomentum/haloce/blob/master/Docker/rootless/guided-install/README.md

Well it's been a long time but here it is: https://github.com/antimomentum/haloce/tree/master/Docker/rootless I can't say Ubuntu 20.04 would be my first choice. But it's the only rootless install that's worked for me so far. Also unlike ufw, Docker is unable to bypass my firewall with its iptables rules. Since rootless Docker doesn't have port or iptables privileges it might not bypass ufw though.

Ah thanks that seems to have fixed it for me as well. I didn't know that causes scripts to be loaded earlier apparently

Is this a laptop? Because if an external keyboard like for a Desktop got mashed it shouldn't cause ping spikes especially not after a reboot. I've seen Windows act up persistently after being dropped in a laptop even when the hard drive itself survives without issue. Beyond just ping spikes. Speaking of the drive you should backup any important data right away if this is a laptop since there's a chance it could be damaged. Once you've done that I would start the Windows Reset with the Keep My Files option. This will uninstall all your games and programs so again be sure you have whatever you want/need backed up first. But the reinstall has fixed weird OS issues for me in the past and this sounds like one of those. https://support.microsoft.com/en-us/windows/give-your-pc-a-fresh-start-0ef73740-b927-549b-b7c9-e6f2b48d275e Keep in mind this could take a long time. Especially if Windows is corrupt or the drive is damaged. Just assume it will take hours.

Those running halo servers in Linux might fight this interesting. As you are aware the halo server console takes up the cli terminal while it's running. There are ways around this such as using Docker, screen, tmux, and more. And people running multiple halo servers in Linux have defintely run into this issue in the cli. But there is another way, nohup It's probably already in your debian, centos, other major distro if it's not a minimal build too By using nohup and aliases we can not only get the terminal back, run multiple halos from one terminal without extra stuff, but we can even issue halo server commands *from the terminal* Other uses include being able to tail the in game chat from the halo console output to look for cheat complaints, and possibly setting up an alert system: https://github.com/antimomentum/haloce/tree/master/wine/nohup-aliases At the bottom of the github README I've added an example remote setup to view the halo console from a web browser *new update* Rootless Docker nohup install: https://github.com/antimomentum/haloce/tree/master/Docker/rootless/guided-install

Nice, your updated script is kicking an ip from both a /24 and the same ip in a larger /18 range. It seems to require actually joining though so I'm not sure if I'll be able to test the entire ranges. When I have some time I should at least be able to try it using some ips that sapp itself missed with the /18 123 ips in ipbans.txt

I went ahead and tested it. For some reason basic_rangeban.lua doesn't seem to be working for me even though the halo console says it's successfully loaded. Also tried switching api version to 1.12.0.0 didn't help. I also did a smaller /24 ban using your script by itself and then sapp's built-in ip range ban by itself to make sure it wasn't just some deeper issue with sapp/halo, sapp was able to do the /24 ban but the script did not ban any of the ips.

Finally got around to vlan testing. With the ban of this in ipbans.txt: test:123.123.64.0/18:ban:0 the ban works until getting to 123.123.65.x which is only banning 256 of like 16,000+ ips So I'm thinking sapp might be limited to just /24 but I'm not really sure exactly what the issue is yet. But there is no doubt some kind of issue with the sapp range ban one way or another. I'd say it's best to do range bans on a firewall. *update* ban is working again at 123.123.68.x lol. So it's not even as simple as being /24 only ban stopped working again at 123.123.69.x Going to stop the test at this point. I went ahead and ran the 66 individual /32 cheater/DoS ips I have in my ipabns.txt from many different ranges. All were still banned thankfully, seems to just be a range issue.

Yeah, no problem One thing you can do is check cheater ips against your past server logs and seeing if legit players also joined in the same ip range. If they don't have the same range ban it, provided your logs have "enough" records. I actually didn't know sapp could do the range bans until that comment and trying your 3 examples in ipbans.txt, thanks! I've just been doing this at the firewall(s) I'll test this sometime today by putting it in a vlan since you can throw whatever ip you want at it from inside a local network I'll start a capture and send halo query packets at it from different source ips

Ok, the ip ranges can be different sizes. What I mean by that is as 123.123.123.123 could be in a /24 network, which has 256 ips or 254 hosts. However that ip could be in a larger block, like /8 with over 16 million ips. It all depends on how the whole network gets divided. More specifically for this purpose which ISP owns the specific public network block (which also has an ASN number tied to it as a side note). The organization owning the ip block and ASN are public information. They must submit a request to IANNA and pay for the addresses to get the block of ipv4 ip addresses from whoever already owns them. The larger the block the more it costs. Anyways: To show this go to ipinfo.io in your browser and put that 123 ip in. You'll see it's owned by some Chinese host. It's an isp and this isp apparently owns this ip block: 123.123.64.0/18 If you scroll down you'll even see that ip block is within an even larger 123.112.0.0/12 network, probably a backbone with multiple hosts using it including the isp. So 123.123.64.0/18 is one subnet within 123.112.0.0/12. So you'd ban the 123.123.64.0/18 network since the ip belongs to that ASN block of public ips. There is a nuance though. Some of the ISPs have both cheaters and legit players, like Telmex. It's still ultimately going to come down to how vigilant you are admining the server manually especially since the player's real ip can be hidden, but this range ban has helped for some cheaters not saying it's useless either.

Your internet speeds are certainly enough to host a halo server, even multiple servers so that's not the issue. Surprised you get more upload than download that's rare for a home connection. "What is the difference between actual VPSs that you purchase online and my laptop that has Windows Server Standard 2022?" It may not be the laptop. It could be your ISP's firewall (or dynamic network if they use that). But You mentioned the halo server dropping some pings from yourself. When you clicked on your server multiple times you were also on the same home network correct? If so I'd check and see if there are any driver updates fo'r the network interface card on the laptop from the NIC's manufacturer's website. I'd also run a packet capture tool like Wireshark on at least the laptop, for instance when clicking on the halo server multiple times if you see the laptop doesn't even send a packet out for one of the clicks, it's definitely a software issue on the laptop itself. With the small exception of a lose cable inside it. And it's likely the driver for the NIC but it could be some other software issue. Perhaps an old windows firewall bug or something else if you haven't updated it. Pretty sure like regular windows OSes the server versions will try to install generic net drivers if it can't find the correct manufacturer driver in its own lists.