Problem with allow-line

These are old archives. They are kept for historic purposes only.
Dukat
Posts: 1083
Joined: Tue Mar 16, 2004 5:44 pm
Location: Switzerland

Post by Dukat »

These blocks DO work, but they don't do what you want, of course.

Now please start reading the documentation, it is very clearly documented how allow blocks work.
Itsme-HcK
Posts: 20
Joined: Tue Jan 04, 2005 5:28 pm
Location: Nijmegen
Contact:

Post by Itsme-HcK »

I don't get it, this IS how it's done in the docs... :|
The docs wrote:About matching
The access control works like this: ip matches OR host matches, so "hostname *@*"; and "ip *@1.2.3.4" will mean it will always match.
So, I've changed that...
The docs wrote:Also the allow blocks are read upside down, so you need specific host/ip allow blocks AFTER your general *@* allow blocks.
That too...
The docs wrote:ip
The ip mask is in the form user@ip, user is the ident and often set at *, ip is the ipmask. Some examples: *@* (from everywhere), *@192.168.* (only from addr's starting with 192.168), etc.
Exactly what I have....
The docs wrote:host
Also a user@host hostmask, again.. user is often set at *. Some examples: *@* (everywhere), *@*.wanadoo.fr (only from wanadoo.fr).
Same thing here.
Last edited by Itsme-HcK on Wed Jan 05, 2005 12:19 pm, edited 1 time in total.
Dukat
Posts: 1083
Joined: Tue Mar 16, 2004 5:44 pm
Location: Switzerland

Post by Dukat »

Read everything...
"About Matching" is the interesting part for you.
Itsme-HcK
Posts: 20
Joined: Tue Jan 04, 2005 5:28 pm
Location: Nijmegen
Contact:

Post by Itsme-HcK »

Itsme-HcK wrote:I don't get it, this IS how it's done in the docs... :|
The docs wrote:About matching
The access control works like this: ip matches OR host matches, so "hostname *@*"; and "ip *@1.2.3.4" will mean it will always match.
So, I've changed that...
Itsme-HcK wrote:
allow {
ip *@127.0.0.1;
hostname *@127.0.0.1;

class clients;
maxperip 50;
};
Ron2K

Post by Ron2K »

Itsme-HcK wrote:

Code: Select all

allow {
	ip             *@*;
	hostname       *@*;
	class           clients;
	maxperip 5;
};

allow {
ip *@192.168.1.33;
hostname *@192.168.1.33;
class clients;
maxperip 20;
};

allow {
	ip *@127.0.0.1;
	hostname *@127.0.0.1;
	class clients;
	maxperip 50;
};

allow {
	ip *@*;
	hostname *@*;
	class clients;
	password "vanmij";
};
It has to be like that right? (it doesn't work...)
Nope. With that link block order, you may as well not have the first three. (All connections will match #4.)

As countless others have suggested, go and read the manual again.
Itsme-HcK
Posts: 20
Joined: Tue Jan 04, 2005 5:28 pm
Location: Nijmegen
Contact:

Post by Itsme-HcK »

For the 6th time? Really, I just don't get it >.<

And about the passworded one, I thought it wouldn't be matched without the password...
Syzop
UnrealIRCd head coder
Posts: 2112
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Post by Syzop »

I'm not 100% sure what you are trying to accomplish since your allow blocks seem to change all the time, but... But! Here's a guess:
- normal clients allowed: 5 maxperip
- 192.168.1.33: 20 maxperip
- 127.0.0.1: 50 maxperip
- anywhere, with a password: "unlimited" maxperip

Code: Select all

allow {
   ip *@*;
   hostname *@*;
   class clients;
   maxperip 5;
};

allow {
   ip *@192.168.1.33;
   hostname NOMATCH;
   class clients;
   maxperip 20;
};

allow {
   ip *@127.0.0.1;
   hostname NOMATCH;
   class clients;
   maxperip 50;
};

allow {
   ip *@*;
   hostname *@*;
   class clients;
   password "vanmij";
   options { nopasscont; };
};
Now for the last block w/o password, I rather suggest also requiring an ident.. Reason is, if someone connects with a password of something else than "vanmij" they can't get in. And since passwords can be used by users for services (if you specify a password it also gets sent to nickserv) this isn't too uncommon.

So last block perhaps something like:

Code: Select all

allow {
   ip myident@*;
   hostname myident@*;
   class clients;
   password "vanmij";
   options { nopasscont; };
};
But of course, you could try with the original set I posted first.. to see if that works for you.
Itsme-HcK
Posts: 20
Joined: Tue Jan 04, 2005 5:28 pm
Location: Nijmegen
Contact:

Post by Itsme-HcK »

Thanks, it works :D


Well, the passworded one is only for occasions like: I'm at a friend and can't connect to the remote.
So, I think an ident isn't usefull ;)
slemborg
Posts: 2
Joined: Sat Jan 26, 2008 10:17 am

Re: Problem with allow-line

Post by slemborg »

Old topic, but I just wanted to be sure
I have on my server which hosts my unreal ircd and services, also installed psybnc
which im gonna let max 50 users use, so to get this working would I use:

Code: Select all

allow {
   ip *@127.0.0.1;
   hostname NOMATCH;
   class clients;
   maxperip 50;
};
In order to have services NOT interfer with that amount of connections
from localhost?
BigSmoke
Posts: 23
Joined: Sun Apr 13, 2008 3:36 am
Location: Amsterdam, The Netherlands
Contact:

Re: Problem with allow-line

Post by BigSmoke »

That would work fine, Allow block is local only and only works for that particular server.

And clients can't connect to your services server anyway:P
http://www.fazconi.com
irc://irc.fazconi.com
Email: [email protected]
slemborg
Posts: 2
Joined: Sat Jan 26, 2008 10:17 am

Re: Problem with allow-line

Post by slemborg »

Thanks for your reply, I was wondering, do I need to add anything in services.conf
or will unrealircd.conf sort what needs sorting by adding the allow block I wrote?
Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: Problem with allow-line

Post by Jobe »

You may also have to add an exception to limiting in services too.
Your IP: Image
Your Country: Image
Post Reply