diff options
author | Haru <haru@dotalux.com> | 2015-08-10 21:48:48 +0200 |
---|---|---|
committer | Haru <haru@dotalux.com> | 2015-08-11 15:17:11 +0200 |
commit | e13f1f782a9d8d25cc622d050644c7f29c1bfd5e (patch) | |
tree | 34e7565fe11ead41519428143b3dc44b752b6e4b /conf | |
parent | a8e54e5688bd3d7b8e9073274ff611040c3178ab (diff) | |
download | hercules-e13f1f782a9d8d25cc622d050644c7f29c1bfd5e.tar.gz hercules-e13f1f782a9d8d25cc622d050644c7f29c1bfd5e.tar.bz2 hercules-e13f1f782a9d8d25cc622d050644c7f29c1bfd5e.tar.xz hercules-e13f1f782a9d8d25cc622d050644c7f29c1bfd5e.zip |
subnet.conf overhaul
The subnet.conf system has been rewritten to offer greater flexibility,
and to fix some issues that appeared with 838321a36c79e71117320154c9b611c99e93af03.
It is now possible to enter, separately, LAN subnets:
- `lan_subnets`: This is essentially the same feature present in the old
subnet.conf. Each entry in this list defines a (LAN, private) subnet
the server is in. Clients connecting from the same subnet, will be
redirected to the LAN IP rather than the default public IP. The format
has been simplified, and it only requires one IP and one subnet mask (as
opposed to a character and a map server IP).
- `allowed`: Allowed IPs are IP ranges a server (char to login or map to
char) can connect from. Any attempt to connect as a server from an IP
not included here, will fail. For convenience, a wildcard range
(matching all possible IP addresses) has been provided
(`0.0.0.0:0.0.0.0`), but it is very advisable to edit it to a more
restrictive set.
- `trusted`: Trusted IPs are IP ranges excluded from the IPban checks.
This may be useful, for example, to exclude the server's own IP from
ipbans, in case of false positives. Any IP ranges added to this list are
also implicitly included in the allowed IP ranges.
Diffstat (limited to 'conf')
-rw-r--r-- | conf/network.conf | 37 | ||||
-rw-r--r-- | conf/subnet.conf | 7 |
2 files changed, 37 insertions, 7 deletions
diff --git a/conf/network.conf b/conf/network.conf new file mode 100644 index 000000000..b355acb25 --- /dev/null +++ b/conf/network.conf @@ -0,0 +1,37 @@ +// Network configuration file + +/* + * List here any LAN subnets this server is in. + * Example: + * - char- (or map-) server's IP in LAN is 192.168.0.10 + * - Public IP is 198.51.100.37 + * If the list contains "192.168.0.10:255.255.255.0", any clients connecting + * from the same 192.168.0.0/24 network will be presented with the LAN IP + * (192.168.0.10) in the server list, rather than the public IP (198.51.100.37). + */ +lan_subnets: ( + "127.0.0.1:255.0.0.0", + // "192.168.1.1:255.255.255.0", +) + +/* + * List here any IP ranges a char- or map-server can connect from. + * A wildcard of "0.0.0.0:0.0.0.0" means that server connections are allowed + * from ANY IP. (not recommended). + */ +allowed: ( + "0.0.0.0:0.0.0.0", + // "127.0.0.1:255.0.0.0", +) + +/* + * List here any IP ranges a char- or map-server can connect from. These ranges + * will also be excluded from the automatic ipban in casee of password failure. + * Any entry present in this list is also automatically included in the + * allowed IP list. + * Note: This may be a security threat. Only edit this list if you know what + * you are doing. + */ +trusted: ( + "127.0.0.1:255.0.0.0", +) diff --git a/conf/subnet.conf b/conf/subnet.conf deleted file mode 100644 index 5f2c75a99..000000000 --- a/conf/subnet.conf +++ /dev/null @@ -1,7 +0,0 @@ -// Subnet support file -// Format is: -// subnet: net-submask:char_ip:map_ip -// you can add more than one subnet - -subnet: 255.0.0.0:127.0.0.1:127.0.0.1 -subnet: 0.0.0.0:127.0.0.1:127.0.0.1 |