View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002132 | unreal | ircd | public | 2004-10-22 20:05 | 2004-10-23 19:36 |
| Reporter | TheNoLongerTrustedRoyalPooBah | Assigned To | syzop | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| OS | FreeBSD | OS Version | latest stable | ||
| Product Version | 3.2.1 | ||||
| Fixed in Version | 3.2.2 | ||||
| Summary | 0002132: Ban IP block ineffective | ||||
| Description | No matter what kind of host I place in the ban ip block, it doesn't seem to be effective after a rehash. You can see the hosts and reasons from a /stats K, but they are ineffective. I've had to go through and manually add a Z:Line for these hosts. I have opers who tend to remove bans on a user that I don't want on my network, hence the ban ip entries. | ||||
| Steps To Reproduce | place a hostmask/IP in the ban ip block, and do a /stats K after a rehash. You should see the entries, but they are ineffective. | ||||
| Additional Information | Here are the entries (Note that 'Z' are the ban ip entries, whereas 'z' are the manual entries); the 'z' ones are effective, while the 'Z' ones are not: Z *@64.49.*.* Due to a banned user's (Ace) very dynamic host from this ISP, this ISP is banned -- FMI [email protected] Z *@*.dixie-net.com Due to a banned user's (Ace) very dynamic host from this ISP, this ISP is banned -- FMI [email protected] z *@*.dixie-net.com 0 5 [email protected] Due to a banned user's (Ace) very dynamic host from this ISP, this ISP is banned -- FMI [email protected] z *@64.49.*.* 0 20 [email protected] Due to a banned user's (Ace) very dynamic host from this ISP, this ISP is banned -- FMI [email protected] | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | None, but running the latest stable release of Anope services | ||||
|
|
can't reproduce this one either... (note: hosts are not allowed, only IPs). Tested with: ban ip { mask *@192.168.*; reason "this is a test"; }; [02:11:49] -maintest.test.net- *** Notice -- Ein is rehashing server config file unrealircd.conf Rehashing [02:11:50] -maintest.test.net- *** Notice -- Loading IRCd configuration .. [02:11:50] -maintest.test.net- *** Notice -- Configuration loaded without any problems .. [02:11:52] -maintest.test.net- *** Notice -- Ban active for Ein[syzop.testnet] (this is a test) [02:11:52] -maintest.test.net- *** Notice -- Client exiting: Ein ([email protected]) [Banned (this is a test)] [02:11:52] Closing Link: Ein[syzop.testnet] (Banned (this is a test)) [02:11:52] * Disconnected |
|
|
Hmm, I can't get mine to work correctly for some reason. I guess I'll have to stick with manual Z:Lines and remove the "can_zline;" option from my opers' O:Lines. Thanks for testing it out. |
|
|
OK, as Syzop said, hostnames aren't allowed. The only reason I can think the IP one would not work is because of the *.* thing. Can't think why but it's a thought. Have you thought of trying the spiffy new CIDR support in just about everything except +be(I) :P ? EG: try ban ip { mask *@64.49.0.0/16; reason "Due to a banned user's (Ace) very dynamic host from this ISP, this ISP is banned -- FMI [email protected]"; }; BTW, I would recommend you attempt to narrow that as much as possible. Since CIDR lets you mask off non-multiples-of-8 (with *, you can only go to /8 /16 /24 or /32, or weird combinations involving ? and * in interesting places), you might find you can ban just that user and at least let SOME good people from that ISP connect, simply by narrowing the CIDR bit mask. |
|
|
confirmed that *@192.168.*.* doesn't work. |
|
|
*grin* that's also the only thing that doesn't work: *@192.168.*.* = does not work 192.168.*.* = does work *@192.168.* = does work *@192.168.0.0/16 and *@192.168.5.0/24 = does work Also the other ban xxxxx thingies are not affected (AFAICT). I've traced it down, and got a patch ready, although one might argue it being an RC bug, I'll fix it before 3.2.2 anyway (probably within a few hours). |
|
|
_within_ a few hours indeed ;). Fixed in .162. |
|
|
This patch has been reverted. The syntax of the ban ip { } block is mask IP; not MASK ident@ip; So there was no bug. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2004-10-22 20:05 | TheNoLongerTrustedRoyalPooBah | New Issue | |
| 2004-10-22 20:05 | TheNoLongerTrustedRoyalPooBah | 3rd party modules | => None, but running the latest stable release of Anope services |
| 2004-10-22 20:15 | syzop | Note Added: 0008075 | |
| 2004-10-22 22:10 | TheNoLongerTrustedRoyalPooBah | Note Added: 0008081 | |
| 2004-10-23 02:21 | aquanight | Note Added: 0008082 | |
| 2004-10-23 11:34 | syzop | Note Added: 0008086 | |
| 2004-10-23 11:34 | syzop | Status | new => confirmed |
| 2004-10-23 12:07 | syzop | Note Added: 0008087 | |
| 2004-10-23 12:18 | syzop | Status | confirmed => resolved |
| 2004-10-23 12:18 | syzop | Fixed in Version | => 3.2.2 |
| 2004-10-23 12:18 | syzop | Resolution | open => fixed |
| 2004-10-23 12:18 | syzop | Assigned To | => syzop |
| 2004-10-23 12:18 | syzop | Note Added: 0008088 | |
| 2004-10-23 19:36 | syzop | Status | resolved => closed |
| 2004-10-23 19:36 | syzop | Note Added: 0008092 |
