Page 1 of 2
Only allow certain connections
Posted: Mon Oct 15, 2007 7:05 pm
by JimmyBoom
Hello,
I've a question, i want to set my UnrealIRCD so that there are no connections except from the hostname *@*.nl and *@*.be this is because of botattacks.
Is there something i can do to achieve that or isn't it possible to only allow .be and .nl hostnamed?
Greetz,
JimmyBoom
Re: Only allow certain connections
Posted: Mon Oct 15, 2007 7:19 pm
by Stealth
Only set up allow blocks for *@*.nl and *@*.be
Re: Only allow certain connections
Posted: Mon Oct 15, 2007 7:53 pm
by JimmyBoom
Stealth wrote:Only set up allow blocks for *@*.nl and *@*.be
Yes I did that, but it isn't helping .com hostnamed can still connect.
This is my allow lines:
allow {
ip *@*;
hostname *@*nl;
class clients;
maxperip 10;
};
And same under it for .be.
What's wrong with it?
Re: Only allow certain connections
Posted: Mon Oct 15, 2007 8:57 pm
by Stealth
re-read the documentation for the
allow block and try again. The docs explain why it isn't working
Re: Only allow certain connections
Posted: Tue Oct 16, 2007 5:25 am
by JimmyBoom
I've read it, but I don't know what i'm doing wrong here.
A little help what's wrong?
Re: Only allow certain connections
Posted: Tue Oct 16, 2007 2:26 pm
by Jobe
If you still need to ask, then you clearly HAVNT read the docs. Let me quote from the docs:
About matching
The access control works like this: ip matches OR host matches, so "hostname *@*"; and "ip *@1.2.3.4" will mean it will always match. Also the allow blocks are read upside down, so you need specific host/ip allow blocks AFTER your general *@* allow blocks. Additionally, if you want to setup a block that only matches based on IP, then set the hostname to something invalid, such as "hostname NOBODY;", this will allow the block to only match based on IP.
Re: Only allow certain connections
Posted: Tue Oct 16, 2007 2:47 pm
by JimmyBoom
Hm, in mine example that isn't the right words that there standing.
But you must do it:
allow {
ip *@*;
hostname *@*;
class clients;
maxperip 10;
};
allow {
ip *@*;
hostname *@*nl;
class clients;
maxperip 10;
};
Or i'm still wrong? xD
Re: Only allow certain connections
Posted: Tue Oct 16, 2007 4:45 pm
by Jobe
Users who dont match the *.nl allow block will go on to match the *@* block.
But all users will match the *.nl block because *@* for the IP match will match everyone.
Re: Only allow certain connections
Posted: Tue Oct 16, 2007 5:35 pm
by JimmyBoom
So, how can you change that, must be the IP something that isn't possible?
I'm not that good in it so plz can you tell me?
Like this:
allow {
ip *@1.2.3.4;
hostname *@*.nl;
class clients;
maxperip 10;
};
Re: Only allow certain connections
Posted: Tue Oct 16, 2007 6:09 pm
by SpaceDoG
allow {
ip NODOBDY;
hostname *@*.nl;
class clients;
maxperip 10;
}
Re: Only allow certain connections
Posted: Wed Oct 17, 2007 5:08 pm
by JimmyBoom
It started well, i just configured the options so noone else can connect, but i have a problem.
Someone with a .nl hostname can't connect? What can be the problem of that?
Re: Only allow certain connections
Posted: Wed Oct 17, 2007 6:14 pm
by SpaceDoG
They probably can't connect because the Unreal can't find an RDNS entry for their IP and they are therefor being blocked by the ip NOBODY;. The only way to fix this is if you know the IP range of the ISP they use. You can add that to the ip NOBODY;.
Re: Only allow certain connections
Posted: Wed Oct 17, 2007 7:59 pm
by JimmyBoom
And how can you add it in?
Or just make a new allow block?
EDIT: But how can Unreal not resolve it?
When i try /dns ip it'll resolve into a host with .nl?
Re: Only allow certain connections
Posted: Thu Oct 18, 2007 1:07 pm
by SpaceDoG
Unreal can't resolve it because it times out and switches to a hashed IP. You can set another allow block or change ip NOBODY; to ip 1.2.3.*; or whatever the range for that ISP is.
Re: Only allow certain connections
Posted: Thu Oct 18, 2007 1:21 pm
by Jobe
And on that note, i've had IP's that UnrealIRCd on more then one network could NOT resolve, but at least one of the boxes that was running one of those servers CAN resolve it with the command line "host" command.