Step 3: Installing CoD2
Installing CoD2 is as simple as uploading the lnxded file (see another thread here on killtube for the binary files) to, for example, /home/USERNAME/_bin/cod2/cod2_lnxded_1_3. The file needs at least permissions 500 (read+execute for the owner, assuming you're gonna run this under your own username), so:
Code:
chmod 500 cod2_lnxded_1_3
Then you need to upload the corresponding main directory to your server (note: main directories differ between v1.0/1.2/1.3) to, for example, /home/USERNAME/_stock/cod2_1_3/main/.
These files need to be readable by the user account that will start the server.
Step 4 (optional): Installing libcod prerequisites
As copied from the libcod github:
Code:
sudo apt-get -y install gcc-multilib
sudo apt-get -y install libmysqlclient-dev:i386
sudo apt-get -y install g++-multilib
I've tried installing these all in one command, but that failed for some unknown reasons. So just keep these as separate commands.
Step 5 (optional): compiling libcod from source
In order to compile libcod, you first need to obtain the source code. There are currently multiple libcod versions out there:
Kung foo man's original version
Mitch's version which is a bit more experimental and has a few more features than the original version
Php's version has a few nice functions but seems to be out-of-date
voron00's version which seems to be the best maintained version currently
To obtain the code, either download the source from github and upload, or
Code:
sudo apt-get install git
git clone [github url here]
You can then easily compile the stuff with
Code:
./doit.sh clean
./doit.sh base
./doit.sh cod2_1_3
For different cod versions, change the last line.
The final product (the actual libcod "executable") is then inside the bin folder as libcod2_1_3.so
Step 6: Starting your CoD2 server
Create a .sh file with the following contents:
Code:
#!/bin/bash
sv_maxclients="32"
fs_game="your_mod_folder_here"
fs_homepath="/home/USER_HERE/YOUR_COD_DIR"
cod="/full/path/to/cod2_1_3_lnxded"
com_hunkMegs="256"
config="configfile.cfg"
net_port="28960"
args=\
"+set fs_homepath \"$fs_homepath\" "\
"+set fs_game $fs_game "\
"+set net_port $net_port "\
"+set com_hunkMegs $com_hunkMegs "\
"+set sv_maxclients $sv_maxclients "\
"+set fs_basepath \"$fs_homepath\" "\
"+exec $config"
$cod $args +set g_gametype tdm +map mp_toujane
Adjust where required.
Then, start your server with:
To keep your server running after you leave the ssh session, use screen:
Code:
screen -AmdS somename
screen -x somename
./filename.sh
Step 7 (optional): Starting your CoD2 server with libcod
Requires a few small edits to your .sh file:
Code:
#!/bin/bash
sv_maxclients="32"
fs_game="your_mod_folder_here"
fs_homepath="/home/USER_HERE/YOUR_COD_DIR"
cod="/full/path/to/cod2_1_3_lnxded"
com_hunkMegs="256"
config="configfile.cfg"
cracked="1"
net_port="28960"
args=\
"+set fs_homepath \"$fs_homepath\" "\
"+set sv_cracked $cracked "\
"+set fs_game $fs_game "\
"+set net_port $net_port "\
"+set com_hunkMegs $com_hunkMegs "\
"+set sv_maxclients $sv_maxclients "\
"+set fs_basepath \"$fs_homepath\" "\
"+exec $config"
LD_PRELOAD="relative/path/to/libcod2_1_3.so" $cod $args +set g_gametype tdm +map mp_toujane
Step 8: Creating your first mod
work in progress
Step 9: Protecting your server
Update: A few months ago a patch was added to both Mitch's github repo and voron00's. The next passage does not apply to anyone who uses an updated libcod version from the aforementioned sources.
To prevent your server from being used as a ddos amplifier (http://blog.alejandronolla.com/2013/...sis-2-slash-2/), you have to apply some iptables rules. As you should have iptables installed from the previous steps already, you can skip right to the protection part. Create a file called anti_ddos in /etc/init.d with the following contents:
Code:
#!/bin/bash
# Carry out specific functions when asked to by the system
case "$1" in
  start)
    iptables -N QUERY-BLOCK
    iptables -A QUERY-BLOCK -m recent --set --name blocked-hosts -j DROP
    iptables -N QUERY-CHECK
    iptables -A QUERY-CHECK -p udp -m string ! --string "getstatus" --algo bm --from 32 --to 41 -j RETURN
    iptables -A QUERY-CHECK -p udp --sport 0:1025 -j DROP
    iptables -A QUERY-CHECK -p udp --sport 3074 -j DROP
    iptables -A QUERY-CHECK -p udp --sport 7777 -j DROP
    iptables -A QUERY-CHECK -p udp --sport 8002 -j DROP
    iptables -A QUERY-CHECK -p udp --sport 27015:27100 -j DROP
    iptables -A QUERY-CHECK -p udp --sport 25200 -j DROP
    iptables -A QUERY-CHECK -p udp --sport 25565 -j DROP
    iptables -A QUERY-CHECK -m recent --update --name blocked-hosts --seconds 30 --hitcount 1 -j DROP
    iptables -A QUERY-CHECK -m hashlimit --hashlimit-mode srcip --hashlimit-name getstatus --hashlimit-above 5/second -j QUERY-BLOCK
    iptables -A INPUT -p udp --dport 28960 -j QUERY-CHECK
    ;;
  stop)
    exit 0
    ;;
  *)
    echo "Usage: /etc/init.d/anti_ddos {start|stop}"
    exit 1
    ;;
esac
exit 0
To protect more than just the default port, edit this line:
Code:
iptables -A INPUT -p udp --dport 28960 -j QUERY-CHECK
into something like:
Code:
iptables -A INPUT -p udp --dport 28960:28970 -j QUERY-CHECK
This will limit the number of queries to 5/second per client, which should be plenty for normal queries and should temper or block all ddos amplifications.
Save this file, chmod 500 it, and add it to bootup with
Code:
sudo update-rc.d anti_ddos defaults
Check if it works by doing:
Code:
service anti_ddos start
twice. If you see "chain already exists" you did everything right.
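An added variant of the anti_ddos script above (not the original poster's code): its start action can be run repeatedly without stacking duplicate rules, and its stop action actually removes the chains instead of doing nothing. IPT and PORTS are variable names assumed for this example; with this variant a second start no longer prints "chain already exists".

```shell
#!/bin/bash
# Added example: same rules as the anti_ddos script, but start is repeatable
# and stop removes everything. IPT and PORTS are names made up for this example.
IPT="${IPT:-iptables}"
PORTS="${PORTS:-28960}"     # single port, or a range such as 28960:28970

stop_rules() {
    # Delete every copy of the INPUT jump; a chain that is still referenced
    # cannot be deleted.
    while $IPT -C INPUT -p udp --dport "$PORTS" -j QUERY-CHECK 2>/dev/null; do
        $IPT -D INPUT -p udp --dport "$PORTS" -j QUERY-CHECK
    done
    # QUERY-CHECK jumps to QUERY-BLOCK, so flush both before deleting either.
    for chain in QUERY-CHECK QUERY-BLOCK; do $IPT -F "$chain" 2>/dev/null; done
    for chain in QUERY-CHECK QUERY-BLOCK; do $IPT -X "$chain" 2>/dev/null; done
    return 0
}

start_rules() {
    stop_rules                       # always begin from a clean state
    $IPT -N QUERY-BLOCK
    $IPT -A QUERY-BLOCK -m recent --set --name blocked-hosts -j DROP
    $IPT -N QUERY-CHECK
    $IPT -A QUERY-CHECK -p udp -m string ! --string "getstatus" --algo bm --from 32 --to 41 -j RETURN
    for sport in 0:1025 3074 7777 8002 27015:27100 25200 25565; do
        $IPT -A QUERY-CHECK -p udp --sport "$sport" -j DROP
    done
    $IPT -A QUERY-CHECK -m recent --update --name blocked-hosts --seconds 30 --hitcount 1 -j DROP
    $IPT -A QUERY-CHECK -m hashlimit --hashlimit-mode srcip --hashlimit-name getstatus --hashlimit-above 5/second -j QUERY-BLOCK
    $IPT -A INPUT -p udp --dport "$PORTS" -j QUERY-CHECK
}

case "${1:-}" in
    start) start_rules ;;
    stop)  stop_rules ;;
    "")    ;;   # no argument: only define the functions (e.g. when sourced)
    *)     echo "Usage: $0 {start|stop}"; exit 1 ;;
esac
```

If PORTS is changed, run stop with the old value first; otherwise the old INPUT jump stays in place and the chains cannot be deleted.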
Step 10: Go make something awesome
work in progress