Speyedr / socialclub-notification-blocker

Next-generation firewall (NGFW) that supports blocking SocialClub Overlay notifications.
GNU General Public License v3.0

[Feature Request] Linux (Wine / Proton) version? #20

Open NyaomiDEV opened 2 years ago

NyaomiDEV commented 2 years ago

Is your feature request related to a problem? Please describe.
Grand Theft Auto V runs under Wine / Proton, and invite-spamming is a problem over there too.

Describe the solution you'd like
Since this program is written in Python, I think it can be updated to support Linux as well.

Describe alternatives you've considered
Running this Python script under Wine fails because it requires UAC, which Wine doesn't have. Even if it worked past that, it couldn't filter anything out because Wine programs don't have the required permissions or APIs exposed to them to do network filtering.

Additional context
Not applicable.

Speyedr commented 2 years ago

As you have suggested, a Wine version would be impossible because SCBlocker uses PyDivert, which is just a wrapper for WinDivert, which is a signed kernel driver that allows SCBlocker to filter and modify packets in real time. There simply wasn't a cross-platform framework available for filtering packets--in fact, I believe that WinDivert is the only option for filtering on Windows with this level of flexibility.

A native Linux version which uses a different packet filtering library could be possible; however, significant effort would be needed to make the scripts cross-platform by abstracting certain functions and dependencies so that both operating systems are supported. Research would also need to be done to decide what library to use as, unlike on Windows, there are a few different options for Linux.

There is one alternative that technically already exists for Linux, and that is to use an Intrusion Prevention System (IPS) such as Snort or Suricata (though both of these have to be set up properly to filter "in-line" like SCBlocker does), and then write the filter rules in their syntax. You would of course need to do this yourself, and it would require understanding how each filter rule works (found in FilterSettings.should_allow()) so that you could translate it to the filter's syntax.

Although Snort and Suricata are available for Windows, both of them are unable to filter packets on Windows and instead can only operate as Intrusion Detection Systems (IDS)--they can't drop or block packets. Suricata technically supports WinDivert but you need to build Suricata yourself with support for it and I don't think you can even run it without enabling Test Signing anyways.

Developing and testing the Linux version would also be an inconvenience for me personally as I would need to, well, develop and test on Linux in the first place, which I currently cannot do (without installing VMWare or something similar, of course).

The TL;DR is that an official Linux port is currently not under development but is being considered. It would be a lot of effort for a small portion of the player-base, and there already exist other alternatives that could do what SCBlocker does on Linux (but not on Windows) if you wanted to set them up yourself.

NyaomiDEV commented 2 years ago

I wondered, is this possible to achieve with fixed rules? Most Linux systems do have a firewall such as ufw and iptables, so if simple rule-based filtering is somewhat applicable, it would be fine, I guess.

Speyedr commented 2 years ago

I'm not sure. The filters themselves are currently "fixed" but perform certain packet inspections which I don't think can be done with only ufw / iptables.

I don't think you can check the payload size or perform packet regex / string matching with ufw or iptables. If you can, then both of these filters could be recreated.

Of course, you can simply "drop more" by blocking the server's IP entirely, but then you'll have difficulties playing Online.

Snort and Suricata definitely have the ability to write fixed rules which can do this though. There might be other firewalls which can do this as well but I'm not aware of them at the moment.
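
Added example, not part of the thread and not SCBlocker's code: the two inspections discussed above (payload size and byte-pattern matching) written as a backend-independent decision function that a packet-interception loop on either operating system could call with a raw IPv4 packet. The port, size window, `EXAMPLE-INVITE` marker and all names are constructed placeholders, not the project's real filters; `should_allow` borrows the name mentioned in the thread, but its signature here is an assumption.

```python
import re
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """Hypothetical drop rule: UDP source port, payload size window, optional pattern."""
    src_port: int
    min_len: int
    max_len: int
    pattern: Optional[re.Pattern] = None

def udp_payload(packet: bytes):
    """Return (src_port, payload) for a well-formed IPv4/UDP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8:
        return None                           # bad header, not UDP, or truncated
    if struct.unpack_from("!H", packet, 6)[0] & 0x1FFF:
        return None                           # later fragment: carries no UDP header
    src_port, _dst, udp_len, _csum = struct.unpack_from("!HHHH", packet, ihl)
    if udp_len < 8 or ihl + udp_len > len(packet):
        return None
    return src_port, packet[ihl + 8: ihl + udp_len]

def should_allow(packet: bytes, rules) -> bool:
    """False only when a rule matches; anything the rules cannot describe passes."""
    parsed = udp_payload(packet)
    if parsed is None:
        return True                           # fail open so unrelated traffic is untouched
    src_port, payload = parsed
    for rule in rules:
        if (src_port == rule.src_port
                and rule.min_len <= len(payload) <= rule.max_len
                and (rule.pattern is None or rule.pattern.search(payload))):
            return False
    return True

def build_udp(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4/UDP packet (checksums left at 0) as sample input."""
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + udp

# Constructed placeholder rule, not one of the project's filters.
RULES = [Rule(src_port=40000, min_len=32, max_len=64, pattern=re.compile(rb"EXAMPLE-INVITE"))]
```

Keeping the decision separate from the interception code leaves only the capture and reinject loop platform-specific.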