Firewall for GTA Online
LGPL-3.0 License
Custom firewall for the game GTA Online (version 1.66 and onwards).
Guardian.exe
(you will be prompted to run as Administrator)
Whitelist
and use a Whitelisted Session instead.
Guardian may work in other circumstances/setups, but is less likely to produce secure sessions.
Guardian intercepts all incoming GTA traffic, and only allows specific packets through depending on the configuration. GTA service-related packets are still allowed so you can communicate with GTA servers, but other players will not be able to join your session (unless you specify their IP addresses in the whitelist configuration).
By observing network activity while playing GTA Online, it was discovered that the "type" of a packet can be determined from its payload size, even though the payload is encrypted. Apart from user-defined configuration, the only other behaviours intended to be allowed through are the session "heartbeat" and session information requests from the "matchmaking service", which provides initial connection details to clients.
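The allow/drop decision described above, sketched as an added example (this is not Guardian's own code). The payload sizes are constructed placeholders because the page does not list the real ones, and the class and method names are hypothetical; it assumes payload size alone marks a packet as heartbeat or matchmaking traffic.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed placeholder sizes in bytes (assumption). Replace them with
# the sizes you observe for service traffic on your own connection.
HEARTBEAT_SIZES = frozenset({12, 18})
MATCHMAKING_SIZES = frozenset({245, 261})


@dataclass
class WhitelistFilter:
    """Per-packet decision for a whitelist-style session (hypothetical model)."""
    whitelist: list = field(default_factory=list)

    def __post_init__(self):
        # Accept single addresses and CIDR ranges. A malformed entry raises
        # ValueError here, so a typo cannot silently widen or empty the list.
        self.networks = [ipaddress.ip_network(e, strict=False)
                         for e in self.whitelist]

    @staticmethod
    def classify(payload_len):
        """Infer the packet type from payload length only; content is encrypted."""
        if payload_len in HEARTBEAT_SIZES:
            return "heartbeat"
        if payload_len in MATCHMAKING_SIZES:
            return "matchmaking"
        return "other"

    def allow(self, src_ip, payload_len):
        """Return True if the inbound packet should be passed to the game."""
        try:
            addr = ipaddress.ip_address(src_ip)
        except ValueError:
            return False  # fail closed on an unparseable source address
        if any(addr in net for net in self.networks):
            return True  # whitelisted peer: all of its packets pass
        # Everyone else: only service-sized packets pass.
        return self.classify(payload_len) != "other"


if __name__ == "__main__":
    fw = WhitelistFilter(["203.0.113.7", "198.51.100.0/24"])
    # Constructed sample packets: (source IP, payload length)
    for pkt in [("203.0.113.7", 900), ("192.0.2.50", 12), ("192.0.2.50", 900)]:
        print(pkt, "ALLOW" if fw.allow(*pkt) else "DROP")
```

Because the decision for non-whitelisted sources rests on size alone, any packet that happens to match a listed size is passed, so the size sets should be kept as small as the observed traffic permits.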
Guardian has many different kinds of sessions, each with different behaviours intended to be used under different circumstances.
The most important requirement for securing a session with Guardian is that you are the "session host". You can still use Guardian to block packets as a non-host player, but improper use of session types as a non-host will likely get you disconnected from the session.
Solo Session
Whitelisted Session
Whitelist
will be allowed to connect to you. If you are the host of a session, anyone not in your whitelist will likely lose connection to the session. If you are not the host of your current session and other players in your current session are not on your whitelist (whether already in the session or joining sometime later), you will lose connection to everyone else when you enable this type of session. This is because your client will not be able to communicate with these players and you do not have host privileges to kick them out of the session.
Blacklisted Session
Blacklist
will not be allowed to connect to you. If a connection is routed through R* servers, that connection will also be blocked as a security measure. This mode is not recommended as GTA Online has custom routing if only a handful of IP addresses are blocked.
Auto Whitelisted Session
Locked Session
GTA Online on PC was too crazy with modders wreaking havoc and constantly spamming text messages or emails. They could also crash sessions, leak IPs, or even scrape R* IDs to join non-public sessions to continue harassing people. Speyedr did some research and testing, and was eventually able to get Guardian to work again, and he publicly shared it with the open-source community (check out his repository here). I then decided to fork his project and improve on the codebase further, as well as make further improvements that I think the codebase can benefit from.
Install Python 3.10+
(Recommended) Use poetry.
pip install poetry
Install project dependencies via poetry from the top-level repo folder.
poetry install
Build the package from the top-level repo folder. The executable will be found in the dist directory.
poetry run build
Alternatively, you can run directly from the codebase without building:
poetry run python guardian