summaryrefslogtreecommitdiff
path: root/conf/network.conf
diff options
context:
space:
mode:
authorHaru <haru@dotalux.com>2015-08-10 21:48:48 +0200
committerHaru <haru@dotalux.com>2015-08-11 15:17:11 +0200
commite13f1f782a9d8d25cc622d050644c7f29c1bfd5e (patch)
tree34e7565fe11ead41519428143b3dc44b752b6e4b /conf/network.conf
parenta8e54e5688bd3d7b8e9073274ff611040c3178ab (diff)
downloadhercules-e13f1f782a9d8d25cc622d050644c7f29c1bfd5e.tar.gz
hercules-e13f1f782a9d8d25cc622d050644c7f29c1bfd5e.tar.bz2
hercules-e13f1f782a9d8d25cc622d050644c7f29c1bfd5e.tar.xz
hercules-e13f1f782a9d8d25cc622d050644c7f29c1bfd5e.zip
subnet.conf overhaul
The subnet.conf system has been rewritten to offer greater flexibility, and to fix some issues that appeared with 838321a36c79e71117320154c9b611c99e93af03. It is now possible to enter, separately, LAN subnets: - `lan_subnets`: This is essentially the same feature present in the old subnet.conf. Each entry in this list defines a (LAN, private) subnet the server is in. Clients connecting from the same subnet, will be redirected to the LAN IP rather than the default public IP. The format has been simplified, and it only requires one IP and one subnet mask (as opposed to a character and a map server IP). - `allowed`: Allowed IPs are IP ranges a server (char to login or map to char) can connect from. Any attempt to connect as a server from an IP not included here, will fail. For convenience, a wildcard range (matching all possible IP addresses) has been provided (`0.0.0.0:0.0.0.0`), but it is very advisable to edit it to a more restrictive set. - `trusted`: Trusted IPs are IP ranges excluded from the IPban checks. This may be useful, for example, to exclude the server's own IP from ipbans, in case of false positives. Any IP ranges added to this list are also implicitly included in the allowed IP ranges.
Diffstat (limited to 'conf/network.conf')
-rw-r--r--conf/network.conf37
1 files changed, 37 insertions, 0 deletions
diff --git a/conf/network.conf b/conf/network.conf
new file mode 100644
index 000000000..b355acb25
--- /dev/null
+++ b/conf/network.conf
@@ -0,0 +1,37 @@
+// Network configuration file
+
+/*
+ * List here any LAN subnets this server is in.
+ * Example:
+ * - char- (or map-) server's IP in LAN is 192.168.0.10
+ * - Public IP is 198.51.100.37
+ * If the list contains "192.168.0.10:255.255.255.0", any clients connecting
+ * from the same 192.168.0.0/24 network will be presented with the LAN IP
+ * (192.168.0.10) in the server list, rather than the public IP (198.51.100.37).
+ */
+lan_subnets: (
+ "127.0.0.1:255.0.0.0",
+ // "192.168.1.1:255.255.255.0",
+)
+
+/*
+ * List here any IP ranges a char- or map-server can connect from.
+ * A wildcard of "0.0.0.0:0.0.0.0" means that server connections are allowed
+ * from ANY IP. (not recommended).
+ */
+allowed: (
+ "0.0.0.0:0.0.0.0",
+ // "127.0.0.1:255.0.0.0",
+)
+
+/*
+ * List here any IP ranges a char- or map-server can connect from. These ranges
+ * will also be excluded from the automatic ipban in casee of password failure.
+ * Any entry present in this list is also automatically included in the
+ * allowed IP list.
+ * Note: This may be a security threat. Only edit this list if you know what
+ * you are doing.
+ */
+trusted: (
+ "127.0.0.1:255.0.0.0",
+)