23.02.2011 - 01:16:28
Hi everybody!
First of all I wish to thank schnoog and all the others for their interest in this matter and for their contribution in making this world safer for gamers and server-admins.
I tried the script and it didn't work for me though, well, not as it was anyway, and it took me over an hour to figure out why, so now I am here to tell about my trouble and how I got around it.
You should know that my server has multiple network adapters, each connecting to different networks, as I suspect many other servers do. The external NIC (or interface) in my server, the one facing the Internet, happens to be called eth3, but it turns out that your script assumes it's dealing with the first (or only) interface, i.e. eth0, and so no suitable traffic gets logged in file_bans.
So my first suggestion is that you create one more user-configurable constant in the "CONFIGURATION" section, something like this:
IF=eth0 # the name of your external interface, the one connected to the Internet
and then modify the tcpdump line to monitor that specific interface:
$TCPDUMPBIN -f -c 100000 -A -i $IF >$tmpout 2>$cntout &
The second problem I ran into was that my firewall is pretty complex and it already had a bunch of DROP, REJECT and ACCEPT rules in the INPUT chain, so when your script added a few more DROP rules at the bottom of the chain (because of the -A), the bans had no effect, because they were trying to drop some packets that were already accepted by the ACCEPT rules.
So my suggestion is that you modify the iptables rule to do "$IPTABLESBIN -I ... " instead of "$IPTABLESBIN -A ... ", so that the rules get inserted at the top of the INPUT chain and can no longer be overruled by any ACCEPT rules that may follow in the firewall.
Once I applied the second adjustment the script worked for me too. I hope this helps!
last changed by Wussie on 23.02.2011 - 13:15:30
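The rule-ordering problem described in the post above, as an added example that is not part of the original post or of the script it discusses: a small first-match model of the INPUT chain showing why a ban appended after an existing ACCEPT never takes effect, while the same ban inserted at the top does. The sample chain, port 27015, the addresses and the `-s <ip>/32 -j DROP` ban form are constructed assumptions, and only `-s` (exact address), `-p`, `--dport` and `-j` are modelled.

```shell
#!/bin/sh
# Added example: models first-match evaluation of an iptables chain.
# Constructed sample chain in `iptables -S` syntax (not from the post):
# a firewall that already accepts the game port before any ban exists.
BASE_CHAIN='-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport 27015 -j ACCEPT
-A INPUT -j DROP'

# ban_append CHAIN IP: rule goes to the bottom, as with `iptables -A INPUT`.
ban_append() { printf '%s\n-A INPUT -s %s/32 -j DROP\n' "$1" "$2"; }
# ban_insert CHAIN IP: rule goes to the top, as with `iptables -I INPUT`.
ban_insert() { printf -- '-A INPUT -s %s/32 -j DROP\n%s\n' "$2" "$1"; }

# verdict SRC PROTO DPORT: reads rules on stdin and prints the target of the
# first rule that matches the packet, or POLICY if no rule matches.
verdict() (
  src=$1 proto=$2 dport=$3
  set -f                        # no glob expansion while splitting rule text
  while IFS= read -r line; do
    r_src= r_proto= r_dport= target=
    set -- $line                # split the rule into words
    while [ $# -gt 0 ]; do
      case $1 in
        -s)      r_src=${2%/32}; shift ;;
        -p)      r_proto=$2;     shift ;;
        --dport) r_dport=$2;     shift ;;
        -j)      target=$2;      shift ;;
      esac
      shift
    done
    # A rule matches only if every criterion it sets equals the packet's value.
    [ -n "$r_src" ]   && [ "$r_src" != "$src" ]     && continue
    [ -n "$r_proto" ] && [ "$r_proto" != "$proto" ] && continue
    [ -n "$r_dport" ] && [ "$r_dport" != "$dport" ] && continue
    case $target in
      ACCEPT|DROP|REJECT) echo "$target"; return 0 ;;
    esac
  done
  echo POLICY
)

BANNED=203.0.113.7   # constructed address from the documentation range
echo "ban appended (-A): $(ban_append "$BASE_CHAIN" "$BANNED" | verdict "$BANNED" udp 27015)"
echo "ban inserted (-I): $(ban_insert "$BASE_CHAIN" "$BANNED" | verdict "$BANNED" udp 27015)"
```

On a live host, `iptables -L INPUT -n -v --line-numbers` shows the real rule order, and the packet counter on the ban rule stays at zero when an earlier rule is taking the traffic.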