AntiMomentum

  1. Those running halo servers in Linux might find this interesting. As you are aware, the halo server console takes up the cli terminal while it's running. There are ways around this such as using Docker, screen, tmux, and more. And people running multiple halo servers in Linux have definitely run into this issue in the cli. But there is another way: nohup. It's probably already in your debian, centos, other major distro if it's not a minimal build too. By using nohup and aliases we can not only get the terminal back, run multiple halos from one terminal without extra stuff, but we can even issue halo server commands *from the terminal*. Other uses include being able to tail the in game chat from the halo console output to look for cheat complaints, and possibly setting up an alert system: https://github.com/antimomentum/haloce/tree/master/wine/nohup-aliases *update* At the bottom of the github README I've added an example remote setup to view the halo console from a web browser.
  2. Nice, your updated script is kicking an ip from both a /24 and the same ip in a larger /18 range. It seems to require actually joining though, so I'm not sure if I'll be able to test the entire ranges. When I have some time I should at least be able to try it using some ips that sapp itself missed with the /18 123 ips in ipbans.txt.
  3. I went ahead and tested it. For some reason basic_rangeban.lua doesn't seem to be working for me even though the halo console says it's successfully loaded. Also tried switching api version to 1.12.0.0, which didn't help. I also did a smaller /24 ban using your script by itself and then sapp's built-in ip range ban by itself to make sure it wasn't just some deeper issue with sapp/halo; sapp was able to do the /24 ban but the script did not ban any of the ips.
  4. Finally got around to vlan testing. With the ban of this in ipbans.txt: test:123.123.64.0/18:ban:0 the ban works until getting to 123.123.65.x, which is only banning 256 of like 16,000+ ips. So I'm thinking sapp might be limited to just /24 but I'm not really sure exactly what the issue is yet. But there is no doubt some kind of issue with the sapp range ban one way or another. I'd say it's best to do range bans on a firewall. *update* ban is working again at 123.123.68.x lol. So it's not even as simple as being /24 only. Ban stopped working again at 123.123.69.x. Going to stop the test at this point. I went ahead and ran the 66 individual /32 cheater/DoS ips I have in my ipbans.txt from many different ranges. All were still banned thankfully, seems to just be a range issue.
  5. Yeah, no problem. One thing you can do is check cheater ips against your past server logs and see if legit players also joined in the same ip range. If they don't have the same range, ban it, provided your logs have "enough" records. I actually didn't know sapp could do the range bans until that comment and trying your 3 examples in ipbans.txt, thanks! I've just been doing this at the firewall(s). I'll test this sometime today by putting it in a vlan since you can throw whatever ip you want at it from inside a local network. I'll start a capture and send halo query packets at it from different source ips.
  6. Ok, the ip ranges can be different sizes. What I mean by that is 123.123.123.123 could be in a /24 network, which has 256 ips or 254 hosts. However that ip could be in a larger block, like /8 with over 16 million ips. It all depends on how the whole network gets divided. More specifically for this purpose, which ISP owns the specific public network block (which also has an ASN number tied to it as a side note). The organization owning the ip block and ASN are public information. They must submit a request to IANA and pay for the addresses to get the block of ipv4 ip addresses from whoever already owns them. The larger the block the more it costs. Anyways: To show this go to ipinfo.io in your browser and put that 123 ip in. You'll see it's owned by some Chinese host. It's an isp and this isp apparently owns this ip block: 123.123.64.0/18. If you scroll down you'll even see that ip block is within an even larger 123.112.0.0/12 network, probably a backbone with multiple hosts using it including the isp. So 123.123.64.0/18 is one subnet within 123.112.0.0/12. So you'd ban the 123.123.64.0/18 network since the ip belongs to that ASN block of public ips. There is a nuance though. Some of the ISPs have both cheaters and legit players, like Telmex. It's still ultimately going to come down to how vigilant you are admining the server manually, especially since the player's real ip can be hidden, but this range ban has helped for some cheaters, not saying it's useless either.
  7. Your internet speeds are certainly enough to host a halo server, even multiple servers, so that's not the issue. Surprised you get more upload than download, that's rare for a home connection. "What is the difference between actual VPSs that you purchase online and my laptop that has Windows Server Standard 2022?" It may not be the laptop. It could be your ISP's firewall (or dynamic network if they use that). But you mentioned the halo server dropping some pings from yourself. When you clicked on your server multiple times you were also on the same home network, correct? If so I'd check and see if there are any driver updates for the network interface card on the laptop from the NIC's manufacturer's website. I'd also run a packet capture tool like Wireshark on at least the laptop; for instance when clicking on the halo server multiple times, if you see the laptop doesn't even send a packet out for one of the clicks, it's definitely a software issue on the laptop itself. With the small exception of a loose cable inside it. And it's likely the driver for the NIC but it could be some other software issue. Perhaps an old windows firewall bug or something else if you haven't updated it. Pretty sure like regular windows OSes the server versions will try to install generic net drivers if it can't find the correct manufacturer driver in its own lists.
  8. *edit* Moving my reply to the appropriate post. As for buyvm being out of stock that's unfortunate. But they are still active from what I see in the Discord so I'd keep checking for availability.
  9. np, I would be interested to know how it goes if you end up using anycast with ddos protection from them. This is by far the cheapest anycast provider I've found. AWS charges like $1000/month for this sort of thing. Cloudflare itself charges $3000/month. There was another host that charges like $50/month for the anycast itself but I forgot what it was, but if BuyVM doesn't work out I'll try and find it again if you want to try it. As for the gateway, it looks intimidating but really it's just a matter of picking the right guided install script for the linux distro OS of the vps, running it, and answering the 3 questions it will prompt you for in order to make configs (firewall and wireguard client files). Once it's done you copy the client1.conf (or client2.conf) file it makes to the Windows server's Wireguard and click Activate. And run ./start.sh on the gateway. This completes both ends of the tunnel (Wireguard has a Windows installer). Granted, yeah, you could run into issues like getting locked out of ssh or RDP but I don't mind helping out some if needed should you decide to try it. And as usual rebooting the vps will flush my firewall, along with wireguard rules on the gateway should it lock out.
  10. Buyvm has anycast without being ridiculously expensive, there's also OVH that has DDoS protection but no anycast or Dallas region. I haven't tried Buyvm yet though. Buyvm has a Discord too. If affordability is the main concern Linode doesn't even charge for incoming bandwidth. I don't think OVH does either. As long as you are running one of my iptables firewalls it will indeed prevent reflection so that you don't get any extra charges for outgoing bandwidth even if you get flooded constantly. This is true for any host that doesn't charge for incoming bandwidth. Linode also has an API for their outside/edge firewall so that you can send player ips up to it for whitelisting, but it takes 8 seconds to update and that is enough time for a larger attack to knock out players (most edge firewalls take longer than 8 seconds). https://github.com/antimomentum/haloce/tree/master/firewalls You could also use a Linux server as a gateway while the halo server runs at the other end of the tunnel on Windows or Linux or even MacOS since Wireguard works in those OSes. If you do that I would be sure the gateway is in the same region as the real halo server (unless you're doing anycast). So yeah you could have a gateway on Linode with say, a Windows Vultr server behind it running halo. https://github.com/antimomentum/haloce/tree/master/firewalls/vpngateway
  11. nice, the patched exe is now in halopull github repo and antimomentum/halo docker container
  12. When running the ufw rules in that order on the github the port is open. With 0.0.0.0 replaced with a specific ip address of course. iptables is sequential, and the first ufw rule (ufw allow 5901/tcp) already accepts all for 5901. To whitelist that port for a static ip address (when used with your other rules) replace this rule: ufw allow 5901/tcp with this rule (the ip address here is just an example of course): ufw allow from 45.56.67.78 proto tcp to any port 5901. On a side note: ufw default reject incoming will still send an icmp destination unreachable response back to whatever ip sent the packet. Which can be useful for troubleshooting purposes. However this will just silently drop the packet: ufw default deny incoming
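
An added example, not part of the original posts: the checks described in posts 5 and 6 above (how large a CIDR range is, and whether legit players from past logs fall inside it before it is range-banned), written in Python. The join records, labels and function names are constructed for illustration; the /18 and /12 ranges are the ones quoted in post 6.

```python
import ipaddress

# Constructed join records (source IP, admin's label); not real log data.
JOIN_LOG = [
    ("123.123.65.10", "cheater"),
    ("123.123.68.200", "cheater"),
    ("123.123.127.255", "unknown"),  # last address of the /18
    ("123.123.128.1", "legit"),      # first /24 past the /18
    ("123.112.5.9", "legit"),        # in the /12 only
    ("45.56.67.78", "legit"),
]

def enclosing_network(ip, prefix):
    """Network of the given prefix length that contains ip."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def range_report(cidr, join_log):
    """Summarise which logged IPs a ban on cidr would hit."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    hits = [(ip, label) for ip, label in join_log
            if ipaddress.ip_address(ip) in net]
    legit = [ip for ip, label in hits if label == "legit"]
    return {
        "network": str(net),
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "size": net.num_addresses,
        # Number of /24 blocks the range spans (0 if smaller than a /24).
        "slash24_blocks": 2 ** (24 - net.prefixlen) if net.prefixlen <= 24 else 0,
        "hits": hits,
        "legit_inside": legit,
        # Only recommend a ban when it hits something and no legit player.
        "safe_to_ban": bool(hits) and not legit,
    }

if __name__ == "__main__":
    isp = enclosing_network("123.123.123.123", 18)
    backbone = ipaddress.ip_network("123.112.0.0/12")
    print(isp, "inside", backbone, "->", isp.subnet_of(backbone))
    for cidr in (str(isp), str(backbone)):
        r = range_report(cidr, JOIN_LOG)
        print(cidr, r["size"], "addresses,", r["slash24_blocks"], "x /24,",
              "legit inside:", r["legit_inside"], "safe:", r["safe_to_ban"])
```

With the constructed log, the /18 contains no legit joins while the enclosing /12 does, which is the nuance post 6 raises about banning too wide a block.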