Proximyst / nonomura

Rust proxy with virtual hosts for Minecraft servers.
GNU Affero General Public License v3.0
9 stars 0 forks

ip ban relay #1

Open AeSix opened 4 years ago

AeSix commented 4 years ago

This is just a concept idea. This could be spun off as its own project, being non-reliant on nonomura, though it is because of nonomura which gave me the idea.

[note: After further discussing this in IRC, this is null and moot for the intended use case; however, when using nonomura as a Point of Presence gateway/proxy (where multiple nonomura instances may be running on different hosts to provide multiple points of access to a single bungeecord server or a set of them), this still makes some sense.]

nonomura IP ban relay:

This involves:
1) writing a plugin (to start, for bungee - but sponge/forge/bukkit could also be done)
2) opening an administrative listener in nonomura
3) interacting with ufw (preferable) or iptables (more compatible) (Windows/macOS firewall too maybe?)

The plugin would not replace other ban plugins, but would watch specifically for IP bans. It would then take the IP, and set a local firewall rule (with optional duration config entry) and optionally send the IP to the /remote/ nonomura instances.

nonomura would have to have a listener written to allow opening a port to listen for events from the plugin. This could be done to allow for listening only for specific addresses, as a security feature. nonomura would then add the IP to its local firewall, again with an optional duration, to prevent those players from being able to even connect to nonomura.

This could be done with a stand-alone program, in lieu of nonomura, replacing nonomura but still requiring a plugin to listen for the IP bans. Though, this too could be overcome with tailing the log file, watching for bans (not as reliable as a plugin listening to processed events).

Just a thought :)
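A sketch of the receiving side of the relay proposed above, added here as an illustration and not part of nonomura or of the original post. The wire format `BAN <ip> [seconds]`, the names `handle_ban_event`, `BanAction` and `RelayError`, and the 30-day cap are assumptions; the function only builds the `ufw` argument vector and does not run it.

```rust
use std::net::IpAddr;
use std::time::Duration;

// Assumed policy: cap relayed bans at 30 days.
const MAX_BAN: Duration = Duration::from_secs(30 * 24 * 3600);

#[derive(Debug, PartialEq)]
pub enum RelayError { UnauthorizedPeer, Malformed, BadAddress, ProtectedAddress }

#[derive(Debug, PartialEq)]
pub struct BanAction {
    pub argv: Vec<String>, // run via std::process::Command, never through a shell
    pub expires_in: Option<Duration>, // ufw rules do not expire; caller schedules removal
}

/// Handle one line read from the admin listener; `peer` is the sender's socket address.
pub fn handle_ban_event(peer: IpAddr, allowed: &[IpAddr], line: &str) -> Result<BanAction, RelayError> {
    if !allowed.contains(&peer) {
        return Err(RelayError::UnauthorizedPeer);
    }
    let mut parts = line.split_ascii_whitespace();
    if parts.next() != Some("BAN") {
        return Err(RelayError::Malformed);
    }
    let ip: IpAddr = parts.next().ok_or(RelayError::Malformed)?
        .parse().map_err(|_| RelayError::BadAddress)?;
    // Never ban the relay's own senders or special-purpose addresses (self-lockout guard).
    if ip.is_loopback() || ip.is_unspecified() || ip.is_multicast() || allowed.contains(&ip) {
        return Err(RelayError::ProtectedAddress);
    }
    let expires_in = match parts.next() {
        None => None,
        Some(s) => Some(Duration::from_secs(s.parse::<u64>().map_err(|_| RelayError::Malformed)?).min(MAX_BAN)),
    };
    if parts.next().is_some() {
        return Err(RelayError::Malformed);
    }
    // Re-serialise the parsed address so no raw input reaches the command line.
    // `prepend` needs ufw 0.36 or later; it puts the deny ahead of existing allow rules.
    let mut argv: Vec<String> = ["ufw", "prepend", "deny", "from"].iter().map(|s| s.to_string()).collect();
    argv.push(ip.to_string());
    Ok(BanAction { argv, expires_in })
}

fn main() {
    let admin: IpAddr = "192.0.2.10".parse().unwrap(); // constructed sample addresses
    println!("{:?}", handle_ban_event(admin, &[admin], "BAN 203.0.113.7 3600"));
    println!("{:?}", handle_ban_event(admin, &[admin], "BAN not-an-ip"));
}
```

The source-address allowlist only restricts who can reach the parser; it does not authenticate the message, so a real listener would also want a shared secret or mutual TLS between plugin and relay.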

Proximyst commented 4 years ago

If nothing else, this is either doable through a good ol' feature gate (cargo build --features ipbans) or through adding a plugin API to nonomura (patches in suckless style or libloading?).

I'll have a look at it sometime, if you don't wish to take it upon yourself first.

AeSix commented 4 years ago

Beyond my ability. I'm a great idea man, not much of an implementation guy LOL