FOSS gamedev and creative worlds

[cainram]

My daughter and I are putting together a Minetest server for the local library. I don't want the users to be able to connect to any server other than the local one. Is there a way to prevent this in the client software?

Thanks in advance

[octacian]

Yes, it is more than possible, and also easy. Essentially, you have to modify the Lua formspec behind the server list tab, to not get the public server list. Instead, you hardcode only your server to show. However, people could still manually enter the IP of another server, so you'd also have to run a check on the IP just before attempting to connect.

I'd do it for you right now, but I probably can't till tomorrow. So that you know, the file for the formspec is in /usr/local/share/minetest/builtin/mainmenu/tab_multiplayer.lua (on Linux). You probably aren't running Linux on the computers, but it's the same idea just a different path up to minetest/.

Edit: working on this right now. Is there anything else you want disabled? Singleplayer, custom mods, texture packs?

[cainram]

Thanks for taking a look and providing some guidance. I should have given more information, classic forum sin, I know.
The backend will be an i5 w/ 8gb RAM running Ubuntu 16.04 server. The clients will be Windows. Win7 mostly, I think. And, yes, I want this thing locked down good and tight. I want total administrative control over the client experience.

[octacian]

OK, I've taken a bit of a different method to doing this. Instead of hardcoding everything, where there is a slight possibility somebody with MT knowledge could change it, I've decided to simply change the serverlist URL. So, what you'll need to do, is run a Apache or Nginx web server, that has a single page on it which I will later provide. If it's an issue to do that, I have servers I could put it on for you.

This means that instead of getting the serverlist from servers.minetest.net, it will get it from your server. The list will just have the single server that you want clients to be able to access. I'll remove the address and port textboxes, replacing them with labels.

Essentially, they will only be able to connect to servers in your server list. Anyways, I hope you understand what I'm doing here.

[cainram]

I appreciate the help. This doesn't have to be bullet proof and the simplest way is the best. If someone is going to go under the hood and fiddle around, you can't really stop them. The idea is to make it simple and straightforward to the average user. I want to be able to tell the average librarian, "yeah, they can only get to the server here on site - see, look". Of course, anyone can bring in their laptop, connect to the wifi and use any version/configuration of the client they wish. Also, FYI, the server won't be available to the Internet at large, only on the local network.

[sorcerykid]

Setting up a firewall rule on your router to block outbound UDP and TCP traffic to ports 30000 (Minetest default) through 30010 will definitely do the trick. This way clients would only be able to connect to Minetest servers on your LAN. Moreover you could add "servers.minetest.net" to /etc/hosts on the Windows workstations with an IP address 127.0.0.1 as an added security measure to thwart any attempts to lookup the master server list.