14:33 < bridge> <Assa> does anyone of you have fail2ban rules for teeworlds? Of course teeworlds doesn't have a login, but you can rate limit connection attempts from the same ip
14:35 < bridge> <Assa> the interesting part is the failregex which reads the teeworlds logs
16:10 < ChillerDragon> You mean all connections right? Not just rcon attempts? Because if you find a rule for rcon attempts let me know :) currently all my tw servers can be rcon password bruteforced and the retry counter restarts on reconnect
16:11 < ChillerDragon> Also are you talking about THE fail2ban thing that is used for ssh? Or just general firewall rules? I did not know fail2ban is that customizable
16:15 < ChillerDragon> Oh yea seems like it is. I always thought fail2ban is some network packet inspector from 1907 written in C but seems to be just a log parser in python :D But does the tw server even log to the file which fail2ban looks at?
16:18 < ChillerDragon> Oh yea seems like this is the option to specify the log https://github.com/fail2ban/fail2ban/blob/master/man/fail2ban-server.1#LL28C8-L28C17
16:18 < ChillerDragon> So you would just need a regex for the player is ready log message i assume? https://github.com/chillavanilla/TeeworldsEconMod/blob/fbc0198c33b552ba1460b4c705eafbc8d5686f33/test/logs/075_new_id_format.log#L45
16:29 < ChillerDragon> I did not test but something like that should work ``\[\d{4}\-\d{2}\-\d{2} \d{2}:\d{2}:\d{2}\]\[server\]: player is ready. ClientID=\d addr=<HOST>:\d+``
16:30 < ChillerDragon> ``failregex = ^\[\d{4}\-\d{2}\-\d{2} \d{2}:\d{2}:\d{2}\]\[server\]: player is ready. ClientID=\d addr=<HOST>:\d+$``
16:32 < ChillerDragon> If you try to fix ddos or something like that it might not help. Because there are a lot of packages exchanged before the "player is ready" message is being printed
16:33 < ChillerDragon> 6 packets minimum have already been exchanged at this stage https://chillerdragon.github.io/teeworlds-protocol/07/traffic.html#cl_srv_ready
17:52 < bridge> <ReiTW> wasn't that implemented directly ? lol
17:55 < bridge> <Assa> it is generally used as a firewall tool, I use it for my nextcloud, too. I am not worried about the person who tries to connect 5 dummies to a teeworlds server, I am worried about the person who tries 100 tcp connections at once
17:56 < bridge> <Assa> you can configure the file fail2ban looks at, and I want to look at the server log and regex parse it
17:57 < bridge> <ReiTW> I meant the same IP on teeworlds directly
17:57 < bridge> <ReiTW> there was an option if you flood
18:00 < bridge> <Assa> banning at the firewall is one level higher than in teeworlds, thanks for the regex, I'll have a look at it
18:00 < bridge> <ReiTW> well 1st it's udp, and 100 connections at once doubt it'll do huge damage
18:00 < bridge> <Assa> also with fail2ban you can ban rcon attempts as long as they are from the same IP, you can't do much against distributed attacks
18:02 < bridge> <ReiTW> for me it's a bit overkill to use it
18:03 < bridge> <Assa> really, let me have a look and I give you some stats
18:04 < bridge> <Assa> today I already banned 8 people trying to login into the server with ssh with it
18:05 < bridge> <ReiTW> yes ssh because it doesn't implement any "ban" after x fail attempt
18:05 < bridge> <ReiTW> even it's more useless when you disable password auth & only use ssh keys
18:06 < bridge> <ReiTW> but for teeworlds (maybe it's only ddnet?) there's a rcon command to say "if I receive too much connection requests, I ban the IP for 1min"
18:10 < bridge> <ReiTW> ah maybe there's not even a cmd, but it's there
18:10 < bridge> <ReiTW> https://cdn.discordapp.com/attachments/490150878934990850/1110600543602213005/image.png
18:14 < bridge> <Assa> thank you ^^ I hope my security measures are well enough