View Issue Details

IDProjectCategoryView StatusLast Update
0005802unrealircdpublic2021-03-07 11:33
ReporterPeGaSuS Assigned Tosyzop  
PrioritynormalSeverityfeatureReproducibilityN/A
Status resolvedResolutionfixed 
PlatformUnixOSUbuntuOS Version20.04
Fixed in Version5.0.9-rc1 
Summary0005802: Option to limit the number of connections per IP globally
DescriptionCurrently we have the allow::maxperip setting which is server only.

In case of a network with multiple servers, that allows the same user to connect X times per server with the same IP.

An option to define the allow::maxperip globally (perhaps call it allow::global-maxperip) would be great.

Cheers
TagsNo tags attached.
3rd party modules

Activities

syzop

2021-02-13 20:04

administrator   ~0021893

Last edited: 2021-02-13 20:07

First of all, I totally agree(?) or at least think it is weird that it is only counted locally. Servers are fast enough nowadays that we can easily check globally.

So, first thing comes to mind is to have 'maxperip' apply globally instead of locally, but.. i think that would cause unintended effects at this moment.
So then, indeed, we would have to add a new config item like global-maxperip.
I also think it would be wise to set a default for this, like make the global maxperip = maxperip * 2 by default.
That should be OK for most networks.
And of course, document this properly in release notes.

syzop

2021-03-07 11:33

administrator   ~0021902

Thanks again for bringing this up, like i said (sortof) i kinda forgot about this :D.

I decided to make the default maxperip plus one. Lots of people have 2 or 3 for maxperip so that will mean they will now have a global-maxperip of 3 or 4, unless they set it explicitly of course.
That sounds like a better default value than the *2 that i mentioned earlier, which leaves way too much room for attackers.

commit 636b068062f786041effe536a63d5298cbd07f70 (HEAD -> unreal50, origin/unreal50)
Author: Bram Matthys <[email protected]>
Date: Sun Mar 7 11:30:02 2021 +0100

    New option allow::global-maxperip, defaults to allow::maxperip+1.
    Suggested by Jobe and PeGaSuS in https://bugs.unrealircd.org/view.php?id=5802

Issue History

Date Modified Username Field Change
2021-01-05 19:34 PeGaSuS New Issue
2021-02-13 20:04 syzop Note Added: 0021893
2021-02-13 20:04 syzop Status new => acknowledged
2021-02-13 20:07 syzop Note Edited: 0021893
2021-03-07 11:33 syzop Assigned To => syzop
2021-03-07 11:33 syzop Status acknowledged => resolved
2021-03-07 11:33 syzop Resolution open => fixed
2021-03-07 11:33 syzop Fixed in Version => 5.0.9-rc1
2021-03-07 11:33 syzop Note Added: 0021902