Restrict RCON by IP
#1

Hello,

I am looking for a way to restrict the usage of rcon to localhost only but I can't find how.

I know how to do it when the user logs in in-game, with OnRconLoginAttempt, but when the user logs in with the rcon utility there is no way to know?

I host my server on my own dedicated. Maybe there is something I can do here?
#2

You can disable the rcon utility by setting the query to 0 in server.cfg
#3

I don't really understand, is that what you mean?
pawn Code:
public OnRconLoginAttempt(ip[], password[], success)
{
    new playerIP[16];
    for(new i = 0; i < MAX_PLAYERS; i++) // check each player slot
    {
        if(IsPlayerConnected(i))
        {
            GetPlayerIp(i, playerIP, sizeof(playerIP)); // get his IP
            if(!strcmp(playerIP, "127.0.0.1", true)) // if his IP is 127.0.0.1
            {
                if(success) // if the pass is correct
                {
                    // blablablabla
                    return 1;
                }
                else // if the pass is not correct
                {
                    // blablabla
                    return 1;
                }
                return 1;
            }
            else // if his IP is not 127.0.0.1
            {
                // blablablabla
                return 1;
            }
            return 1;
        }
    }
    return 1;
}//matnix
Correct me if I'm wrong
#4

Won't stop the remote RCON. I presume you could enable a firewall to block incoming RCON packets, filtering them against a whitelist of allowed IPs. Not sure how to do it, though.
#5

Quote:
Originally Posted by Matnix
I don't really understand, is that what you mean?
pawn Code:
public OnRconLoginAttempt(ip[], password[], success)
{
    new playerIP[16];
    for(new i = 0; i < MAX_PLAYERS; i++) // check each player slot
    {
        if(IsPlayerConnected(i))
        {
            GetPlayerIp(i, playerIP, sizeof(playerIP)); // get his IP
            if(!strcmp(playerIP, "127.0.0.1", true)) // if his IP is 127.0.0.1
            {
                if(success) // if the pass is correct
                {
                    // blablablabla
                    return 1;
                }
                else // if the pass is not correct
                {
                    // blablabla
                    return 1;
                }
                return 1;
            }
            else // if his IP is not 127.0.0.1
            {
                // blablablabla
                return 1;
            }
            return 1;
        }
    }
    return 1;
}//matnix
Correct me if I'm wrong
GG you've used 6 useless returns


@Edit Let me just sum it up quick for you then..

pawn Code:
CMD:somecommand(playerid, arg[])
{
    if(IsPlayerAdmin(playerid))
    {
        // We don't need return here it will go to end of function scope and return anyways
    }
    else
    {
        // We don't need return here it will go to end of function scope and return anyways
    }
    return 1;
}
Basically what I'm getting at is you don't need returns when your code is going to return on the next line anyways.

Sometimes you might want to return, however, such as in a dynamic system

pawn Code:
stock AddSomething(Float:x, Float:y, Float:z)
{
    for(new i = 0; i < MAX_SOMETHING; i++)
    {
        if(Something[i] == -1)
        {
            Something[i] = CreateObject(.... x, y, z);
            // Return array index
            return i;    
        }
    }
    // Return invalid index failure
    return -1;
}
You need to try and avoid using return whenever possible; only use it when it makes sense. A lot of people don't do that and litter their code with returns that don't need to be there. This can make debugging more difficult because you might not know which line your code returns at, and it also introduces multiple exit points. Now that is not always bad; you just need to choose when and where you do it with purpose.
#6

Ahah, thank you. It's for this reason I told you guys to correct me, I wasn't sure about some of my returns.
#7

Thanks for your replies.

I found a solution using iptables!

Code:
iptables -A INPUT -p udp --dport 7777 -i eth0 -m string --algo kmp --hex-string '|50 14 61 1e 78 06|' -j DROP
In this way, no one can connect from outside, but players can still join and in-game rcon still works!
#8

The above solution works for the official rcon, which is in the zip with the server. However, this does not work for a brute-force bot such as SAMPBrute. The packets are not forged in the same way and the instance sought does not appear.

There is a match between the two types of packets: the character "x" at offset 53. This tells the server that it is a RCON command.

I would drop matching packets, but I have not managed to yet. I tried with the settings "--from 52" and "--to 52" to narrow the search to offset 53 (counting from 0):
Code:
iptables -A INPUT -p udp --dport 7777 -i eth0 -m string --algo kmp --hex-string '|78|' --from 52 --to 52 -j DROP
but there is no match
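The difference between the byte signature in post #7 and the fixed-position "x" described in post #8, as an added example that is not code from the thread: a Python classifier that checks the query header and opcode position, run over constructed payloads next to a plain substring match. The packet layout ("SAMP", four IP octets, little-endian port, opcode, then a 2-byte length before the password), the header sizes, and the reading of the hex string as IP octets + port + "x" + length byte are assumptions.

```python
import struct

# Assumed SA-MP query layout (UDP payload), not spelled out in the thread:
# "SAMP" | 4 IP octets | port (2 bytes, little-endian) | opcode | body
MAGIC = b"SAMP"
OPCODE_OFFSET = 10            # opcode position inside the UDP payload
ETH, IPV4, UDP = 14, 20, 8    # header sizes; IPv4 without options assumed
SIGNATURE = bytes.fromhex("5014611e7806")  # hex string from the rule in post #7

def parse_query(payload):
    """Return (ip, port, opcode), or None if this is not a query datagram."""
    if len(payload) <= OPCODE_OFFSET or payload[:4] != MAGIC:
        return None
    ip = ".".join(str(b) for b in payload[4:8])
    (port,) = struct.unpack_from("<H", payload, 8)
    return ip, port, chr(payload[OPCODE_OFFSET])

def is_rcon(payload):
    """True for a query datagram whose opcode is 'x' (RCON)."""
    parsed = parse_query(payload)
    return parsed is not None and parsed[2] == "x"

def signature_hits(payload):
    """Emulate an unanchored substring match on the post #7 signature."""
    return SIGNATURE in payload

def opcode_offsets():
    """Opcode offset from the Ethernet frame start and from the IPv4 header."""
    return {"frame": ETH + IPV4 + UDP + OPCODE_OFFSET,
            "ip_header": IPV4 + UDP + OPCODE_OFFSET}

# Constructed sample payloads (not captured traffic); 10.0.80.20 is made up.
_HEAD = MAGIC + bytes([10, 0, 80, 20]) + struct.pack("<H", 7777)
SAMPLES = {
    "rcon_len6": _HEAD + b"x" + struct.pack("<H", 6) + b"A" * 6,
    "rcon_len9": _HEAD + b"x" + struct.pack("<H", 9) + b"A" * 9,
    "info": _HEAD + b"i",
    "other": b"\x00\x01" + SIGNATURE + b"\x00" * 8,  # not a query packet
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:10} rcon={is_rcon(data)!s:5} signature={signature_hits(data)}")
    print(opcode_offsets())
```

The `frame` value agrees with the offset quoted in post #8 if that offset was counted from the start of the Ethernet frame; the same byte sits at the `ip_header` value when counting starts at the IPv4 header.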
#9

Just put rcon 0