deny ip mask (in server) & exclude for good users

Posted: Mon Aug 30, 2004 1:17 pm
by Beer
Help! Why banned ip mask with password (or etc) allow authentication for good users in this mask?
conf? modules? other?

#1 All Allow
allow {
ip *@*;
hostname *@*;
class clients;
maxperip 10;
};

^
I

#2 deny ip mask without correct password

??? :roll: {
ip *@217.118.*.*;
hostname *@*;
class clients;
reason "BAN IP or BAD PASSWORD!";
};


^
I

#3 Allow ip mask user with password
allow {
ip *[email protected].*.*;
hostname *@*;
class clients;
password "userpass_1";
maxperip 2;
};
...
^
I
...
allow {
ip *[email protected].*.*;
hostname *@*;
class clients;
password "userpass_N";
maxperip 2;
};

^
I
...

Posted: Mon Aug 30, 2004 1:34 pm
by Ron2K
Not sure what you mean, but it looks like you want people from a specific IP range to be prompted for a password on connect, while everyone else can get in without a password.

Quoted from the documentation:
Also the allow blocks are read upside down, so you need specific host/ip allow blocks AFTER your general *@* allow blocks.
So, simply put block #1 first in your config file, followed by block #3. (Get rid of block #2.) Then, what I think is your desired result should be achieved. People with IP 217.whatever-it-was.* will be prompted for a password. If they get it right, they connect; if not, they are rejected (thus making a deny IP block unnecessary). Anyone else (aka me :P ) will be able to connect without a password.

The lack of a question made it a tad tricky for me to know what you were trying to ask, but I seem to be getting good at working out these kinds of support questions. :P

Posted: Tue Aug 31, 2004 6:45 am
by Beer
===============================
#1 All Allow
allow {
ip *@*;
hostname *@*;
class clients;
maxperip 10;
};

#3 Allow ip mask user with password
allow {
ip *@80.92.15.*;
hostname *@*; # <-delete??? this ip mask no dns name!
class clients;
password "userpass";
maxperip 2;
};
============================
Not working... not blocked without password... :cry:

user [email protected] connect with and without password... :(
Unreal3.2.1/Linux

Posted: Tue Aug 31, 2004 7:17 am
by Ron2K
Try removing allow::hostname and see what happens.

Dumb question, but you did remember to rehash, didn't you?

Posted: Tue Aug 31, 2004 7:34 am
by Beer
Dumb? :) Sorry...

[31-11:29] -beer.metacom.ru- *** Notice -- error: unrealircd.conf:48: allow::hostname missing

Have we come to a determination on this problem? :roll:

Posted: Tue Aug 31, 2004 8:42 am
by Ron2K
OK, so that didn't work... dunno why your previous post wasn't working though. I'll run some tests when I get home tonight and see what I can come up with.

Posted: Tue Aug 31, 2004 11:26 am
by Beer
OK
This theme and its variations are discussed on a Russian forum devoted to UnrealIRCD.
http://forum.juravlev.inc.ru/viewtopic. ... =2351#2351
They have not come to a determination...
Connecting with a password is possible only after deleting Section #1... :(


ban ip {mask 80.92.15.*;reason "BAN or BAD NICK";};
except ban {mask *[email protected].*;};

Not an effective method, because of nick and IP substitution.

My conf http://www.stepan-razin.ru/irc/unrealircd.conf

Posted: Tue Aug 31, 2004 4:02 pm
by aquanight
Use ban user instead of ban ip.

Posted: Thu Sep 02, 2004 5:12 am
by Beer
Ron2K, why some progress? test fail?

Posted: Thu Sep 02, 2004 5:59 am
by Ron2K
Beer wrote:Ron2K, why some progress? test fail?
Forgot :P
(I've got a test this evening and a test tomorrow night, so you can understand why.)

Posted: Thu Sep 09, 2004 5:12 am
by Beer
Ron2K, why some progress? test fail or forgot? 8)

Posted: Thu Sep 09, 2004 8:58 am
by AngryWolf
Hi Beer,

Read unreal32docs.html -> 4.5 - Allow Block -> "About matching" carefully! Not only the part that Ron2K quoted earlier. That will tell you what to do to make your IP based authentication work. And deleting allow::hostname is definitely a bad idea, because that directive is required.

Posted: Thu Sep 09, 2004 9:02 am
by Ron2K
Beer wrote:Ron2K, why some progress? test fail or forgot? 8)
Nope, I've got a crashbug :P

Posted: Fri Sep 10, 2004 7:47 am
by Beer
Working construction for users without DNS records.
Thanks ALL from http://bugs.unrealircd.org !!! :D Beer! Beer! Beer! :P

Read conf bottom-up:
---
Step#1. A user from 172.16.108.* with a password is allowed
log: *** Couldn't resolve your hostname; using your IP address instead
---
Step#2. All users in this mask without a valid password are denied
log: Closing Link: nick[ip] (Password mismatch)
---
Step#3. All other users are allowed

unrealircd.conf
--
allow {
ip *@*;
hostname *@*;
class clients;
maxperip 50;
};

# Access denied for ip-mask
allow {
ip *@172.16.108.*;
hostname *@NOBODY;
class clients;
password "super-password-for-ip_mask";
maxperip 2;
};

# access allow
allow {
# dynamic ip
ip *@172.16.108.*;
# static ip
#ip *@172.16.108.34;
hostname *@NOBODY;
class clients;
password "password_Chester";
maxperip 2;
};
.....

ps: Hmmm... strangely enough

for 172.16.108.* working string-> hostname *@NOBODY;
for 80.92.15.* working string only -> hostname *@INVALID; (with *@NOBODY not blocked)

Why?