Only allow certain connections

These are old archives. They are kept for historic purposes only.
JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Only allow certain connections

Post by JimmyBoom »

Hello,

I've a question, i want to set my UnrealIRCD so that there are no connections except from the hostname *@*.nl and *@*.be this is because of botattacks.
Is there something i can do to achieve that or isn't it possible to only allow .be and .nl hostnamed?

Greetz,

JimmyBoom
Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Re: Only allow certain connections

Post by Stealth »

Only set up allow blocks for *@*.nl and *@*.be
JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Re: Only allow certain connections

Post by JimmyBoom »

Stealth wrote:Only set up allow blocks for *@*.nl and *@*.be
Yes I did that, but it isn't helping .com hostnamed can still connect.
This is my allow lines:

allow {
ip *@*;
hostname *@*nl;
class clients;
maxperip 10;
};

And same under it for .be.
What's wrong with it?
Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Re: Only allow certain connections

Post by Stealth »

re-read the documentation for the allow block and try again. The docs explain why it isn't working :)
JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Re: Only allow certain connections

Post by JimmyBoom »

I've read it, but I don't know what i'm doing wrong here.
A little help what's wrong?
Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: Only allow certain connections

Post by Jobe »

If you still need to ask, then you clearly HAVNT read the docs. Let me quote from the docs:
About matching
The access control works like this: ip matches OR host matches, so "hostname *@*"; and "ip *@1.2.3.4" will mean it will always match. Also the allow blocks are read upside down, so you need specific host/ip allow blocks AFTER your general *@* allow blocks. Additionally, if you want to setup a block that only matches based on IP, then set the hostname to something invalid, such as "hostname NOBODY;", this will allow the block to only match based on IP.
Your IP: Image
Your Country: Image
JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Re: Only allow certain connections

Post by JimmyBoom »

Hm, in mine example that isn't the right words that there standing.

But you must do it:

allow {
ip *@*;
hostname *@*;
class clients;
maxperip 10;
};

allow {
ip *@*;
hostname *@*nl;
class clients;
maxperip 10;
};

Or i'm still wrong? xD
Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: Only allow certain connections

Post by Jobe »

Users who dont match the *.nl allow block will go on to match the *@* block.

But all users will match the *.nl block because *@* for the IP match will match everyone.
Your IP: Image
Your Country: Image
JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Re: Only allow certain connections

Post by JimmyBoom »

So, how can you change that, must be the IP something that isn't possible?
I'm not that good in it so plz can you tell me?

Like this:

allow {
ip *@1.2.3.4;
hostname *@*.nl;
class clients;
maxperip 10;
};
SpaceDoG
Posts: 301
Joined: Mon Feb 27, 2006 5:44 am
Contact:

Re: Only allow certain connections

Post by SpaceDoG »

allow {
ip NODOBDY;
hostname *@*.nl;
class clients;
maxperip 10;
}
JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Re: Only allow certain connections

Post by JimmyBoom »

It started well, i just configured the options so noone else can connect, but i have a problem.
Someone with a .nl hostname can't connect? What can be the problem of that?
SpaceDoG
Posts: 301
Joined: Mon Feb 27, 2006 5:44 am
Contact:

Re: Only allow certain connections

Post by SpaceDoG »

They probably can't connect because the Unreal can't find an RDNS entry for their IP and they are therefor being blocked by the ip NOBODY;. The only way to fix this is if you know the IP range of the ISP they use. You can add that to the ip NOBODY;.
JimmyBoom
Posts: 36
Joined: Mon Oct 02, 2006 2:09 pm

Re: Only allow certain connections

Post by JimmyBoom »

And how can you add it in?
Or just make a new allow block?

EDIT: But how can Unreal not resolve it?
When i try /dns ip it'll resolve into a host with .nl?
SpaceDoG
Posts: 301
Joined: Mon Feb 27, 2006 5:44 am
Contact:

Re: Only allow certain connections

Post by SpaceDoG »

Unreal can't resolve it because it times out and switches to a hashed IP. You can set another allow block or change ip NOBODY; to ip 1.2.3.*; or whatever the range for that ISP is.
Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: Only allow certain connections

Post by Jobe »

And on that note, i've had IP's that UnrealIRCd on more then one network could NOT resolve, but at least one of the boxes that was running one of those servers CAN resolve it with the command line "host" command.
Your IP: Image
Your Country: Image
Post Reply