Unfortunately, some people think it is funny to crash HaxBall rooms by using modified clients to flood game hosts. These crashes are either induced by joining a room multiple times or by flooding the host with an amount of packets that is sufficient to overstress Flash. Since these issues cannot be fixed at the Flash layer, this firewall aims to be an external helper to prevent these attacks from impacting the game performance.
The firewall depends on the libnetfilter-queue-dev
package. On Ubuntu or Debian, this package can be installed using apt-get
.
After having installed the dependencies, clone the repository using git clone https://github.com/haxmod/haxball-firewall-linux
.
Then cd haxball-firewall-linux
and compile the program using make
. You may need to install the git
and build-essential
packages in case these steps fail.
Run the script filter.sh
as root
before starting the actual firewall. It will create a new iptables
rule delegating the decision of dropping UDP packets to the firewall program using NFQUEUE. The filter script should only be executed once per computer start. After restarting the computer, the script has to be run again because iptables
rules are not persistent.
Finally, simply run the firewall as root using ./bin/firewall
. It will prevent multiport UDP denial of service attacks as well as packet flood attacks. If you would like to run the program in the background, you can make use of nohup
.
Use the --block-data-centers
flag in order to block IP address ranges from data centers. This will ban most shady users that use proxies and VPN servers for playing HaxBall. They will not be able to connect to your room.