Only allow certain connections

These are old archives. They are kept for historic purposes only.
JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Only allow certain connections

Post by JimmyBoom » Mon Oct 15, 2007 7:05 pm

Hello,

I've a question, i want to set my UnrealIRCD so that there are no connections except from the hostname *@*.nl and *@*.be this is because of botattacks.
Is there something i can do to achieve that or isn't it possible to only allow .be and .nl hostnamed?

Greetz,

JimmyBoom

Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Re: Only allow certain connections

Post by Stealth » Mon Oct 15, 2007 7:19 pm

Only set up allow blocks for *@*.nl and *@*.be

JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Re: Only allow certain connections

Post by JimmyBoom » Mon Oct 15, 2007 7:53 pm

Stealth wrote:Only set up allow blocks for *@*.nl and *@*.be
Yes I did that, but it isn't helping .com hostnamed can still connect.
This is my allow lines:

allow {
ip *@*;
hostname *@*nl;
class clients;
maxperip 10;
};

And same under it for .be.
What's wrong with it?

Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Re: Only allow certain connections

Post by Stealth » Mon Oct 15, 2007 8:57 pm

re-read the documentation for the allow block and try again. The docs explain why it isn't working :)

JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Re: Only allow certain connections

Post by JimmyBoom » Tue Oct 16, 2007 5:25 am

I've read it, but I don't know what i'm doing wrong here.
A little help what's wrong?

Jobe1986
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: Only allow certain connections

Post by Jobe1986 » Tue Oct 16, 2007 2:26 pm

If you still need to ask, then you clearly HAVNT read the docs. Let me quote from the docs:
About matching
The access control works like this: ip matches OR host matches, so "hostname *@*"; and "ip *@1.2.3.4" will mean it will always match. Also the allow blocks are read upside down, so you need specific host/ip allow blocks AFTER your general *@* allow blocks. Additionally, if you want to setup a block that only matches based on IP, then set the hostname to something invalid, such as "hostname NOBODY;", this will allow the block to only match based on IP.
Your IP: Image

JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Re: Only allow certain connections

Post by JimmyBoom » Tue Oct 16, 2007 2:47 pm

Hm, in mine example that isn't the right words that there standing.

But you must do it:

allow {
ip *@*;
hostname *@*;
class clients;
maxperip 10;
};

allow {
ip *@*;
hostname *@*nl;
class clients;
maxperip 10;
};

Or i'm still wrong? xD

Jobe1986
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: Only allow certain connections

Post by Jobe1986 » Tue Oct 16, 2007 4:45 pm

Users who dont match the *.nl allow block will go on to match the *@* block.

But all users will match the *.nl block because *@* for the IP match will match everyone.
Your IP: Image

JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Re: Only allow certain connections

Post by JimmyBoom » Tue Oct 16, 2007 5:35 pm

So, how can you change that, must be the IP something that isn't possible?
I'm not that good in it so plz can you tell me?

Like this:

allow {
ip *@1.2.3.4;
hostname *@*.nl;
class clients;
maxperip 10;
};

SpaceDoG
Posts: 301
Joined: Mon Feb 27, 2006 5:44 am
Contact:

Re: Only allow certain connections

Post by SpaceDoG » Tue Oct 16, 2007 6:09 pm

allow {
ip NODOBDY;
hostname *@*.nl;
class clients;
maxperip 10;
}

JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Re: Only allow certain connections

Post by JimmyBoom » Wed Oct 17, 2007 5:08 pm

It started well, i just configured the options so noone else can connect, but i have a problem.
Someone with a .nl hostname can't connect? What can be the problem of that?

SpaceDoG
Posts: 301
Joined: Mon Feb 27, 2006 5:44 am
Contact:

Re: Only allow certain connections

Post by SpaceDoG » Wed Oct 17, 2007 6:14 pm

They probably can't connect because the Unreal can't find an RDNS entry for their IP and they are therefor being blocked by the ip NOBODY;. The only way to fix this is if you know the IP range of the ISP they use. You can add that to the ip NOBODY;.

JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Re: Only allow certain connections

Post by JimmyBoom » Wed Oct 17, 2007 7:59 pm

And how can you add it in?
Or just make a new allow block?

EDIT: But how can Unreal not resolve it?
When i try /dns ip it'll resolve into a host with .nl?

SpaceDoG
Posts: 301
Joined: Mon Feb 27, 2006 5:44 am
Contact:

Re: Only allow certain connections

Post by SpaceDoG » Thu Oct 18, 2007 1:07 pm

Unreal can't resolve it because it times out and switches to a hashed IP. You can set another allow block or change ip NOBODY; to ip 1.2.3.*; or whatever the range for that ISP is.

Jobe1986
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: Only allow certain connections

Post by Jobe1986 » Thu Oct 18, 2007 1:21 pm

And on that note, i've had IP's that UnrealIRCd on more then one network could NOT resolve, but at least one of the boxes that was running one of those servers CAN resolve it with the command line "host" command.
Your IP: Image

Post Reply