View Issue Details

IDProjectCategoryView StatusLast Update
0002132unrealircdpublic2004-10-23 19:36
ReporterTheNoLongerTrustedRoyalPooBahAssigned Tosyzop 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
PlatformOSFreeBSDOS Versionlatest stable
Product Version3.2.1 
Target VersionFixed in Version3.2.2 
Summary0002132: Ban IP block ineffective
DescriptionNo matter what kind of host I place in the ban ip block, it doesn't seem to be effective after a rehash. You can see the hosts and reasons from a /stats K, but they are ineffective. I've had to go through and manually add a Z:Line for these hosts. I have opers who tend to remove bans on a user that I don't want on my network, hence the ban ip entries.
Steps To Reproduceplace a hostmask/IP in the ban ip block, and do a /stats K after a rehash. You should see the entries, but they are ineffective.
Additional InformationHere are the entries (Note that 'Z' are the ban ip entries, whereas 'z' are the manual entries); the 'z' ones are effective, while the 'Z' ones are not:

Z *@64.49.*.* Due to a banned user's (Ace) very dynamic host from this ISP, this ISP is banned -- FMI kline@htuts.com
Z *@*.dixie-net.com Due to a banned user's (Ace) very dynamic host from this ISP, this ISP is banned -- FMI kline@htuts.com
z *@*.dixie-net.com 0 5 TheNoLongerTrustedRoyalPooBah!NS@NetAdmin.Htuts-DTS Due to a banned user's (Ace) very dynamic host from this ISP, this ISP is banned -- FMI kline@htuts.com
z *@64.49.*.* 0 20 TheNoLongerTrustedRoyalPooBah!NS@NetAdmin.Htuts-DTS Due to a banned user's (Ace) very dynamic host from this ISP, this ISP is banned -- FMI kline@htuts.com
TagsNo tags attached.
3rd party modulesNone, but running the latest stable release of Anope services

Activities

syzop

2004-10-22 20:15

administrator   ~0008075

can't reproduce this one either...
(note: hosts are not allowed, only IPs).
Tested with:
ban ip {
    mask *@192.168.*;
    reason "this is a test";
};

[02:11:49] -maintest.test.net- *** Notice -- Ein is rehashing server config file
unrealircd.conf Rehashing
[02:11:50] -maintest.test.net- *** Notice -- Loading IRCd configuration ..
[02:11:50] -maintest.test.net- *** Notice -- Configuration loaded without any problems ..
[02:11:52] -maintest.test.net- *** Notice -- Ban active for Ein[syzop.testnet] (this is a test)
[02:11:52] -maintest.test.net- *** Notice -- Client exiting: Ein (fdsdfsd@syzop.testnet) [Banned (this is a test)]
[02:11:52] Closing Link: Ein[syzop.testnet] (Banned (this is a test))
[02:11:52] * Disconnected

TheNoLongerTrustedRoyalPooBah

2004-10-22 22:10

reporter   ~0008081

Hmm, I can't get mine to work correctly for some reason.

I guess I'll have to stick with manual Z:Lines and remove the "can_zline;" option from my opers' O:Lines.

Thanks for testing it out.

aquanight

2004-10-23 02:21

reporter   ~0008082

OK, as Syzop said, hostnames aren't allowed. The only reason I can think the IP one would not work is because of the *.* thing. Can't think why but it's a thought. Have you thought of trying the spiffy new CIDR support in just about everything except +be(I) :P ? EG: try

ban ip {
    mask *@64.49.0.0/16;
    reason "Due to a banned user's (Ace) very dynamic host from this ISP, this ISP is banned -- FMI kline@htuts.com";
};

BTW, I would recommend you attempt to narrow that as much as possible. Since CIDR lets you mask off non-multiples-of-8 (with *, you can only go to /8 /16 /24 or /32, or weird combinations involving ? and * in interesting places), you might find you can ban just that user and at least let SOME good people from that ISP connect, simply by narrowing the CIDR bit mask.

syzop

2004-10-23 11:34

administrator   ~0008086

confirmed that *@192.168.*.* doesn't work.

syzop

2004-10-23 12:07

administrator   ~0008087

*grin* that's also the only thing that doesn't work:
*@192.168.*.* = does not work
192.168.*.* = does work
*@192.168.* = does work
*@192.168.0.0/16 and *@192.168.5.0/24 = does work

Also the other ban xxxxx thingies are not affected (AFAICT).

I've traced it down, and got a patch ready, although one might argue it being an RC bug, I'll fix it before 3.2.2 anyway (probably within a few hours).

syzop

2004-10-23 12:18

administrator   ~0008088

_within_ a few hours indeed ;).

Fixed in .162.

syzop

2004-10-23 19:36

administrator   ~0008092

This patch has been reverted.

The syntax of the ban ip { } block is mask IP; not MASK ident@ip;
So there was no bug.

Issue History

Date Modified Username Field Change
2004-10-22 20:05 TheNoLongerTrustedRoyalPooBah New Issue
2004-10-22 20:05 TheNoLongerTrustedRoyalPooBah 3rd party modules => None, but running the latest stable release of Anope services
2004-10-22 20:15 syzop Note Added: 0008075
2004-10-22 22:10 TheNoLongerTrustedRoyalPooBah Note Added: 0008081
2004-10-23 02:21 aquanight Note Added: 0008082
2004-10-23 11:34 syzop Note Added: 0008086
2004-10-23 11:34 syzop Status new => confirmed
2004-10-23 12:07 syzop Note Added: 0008087
2004-10-23 12:18 syzop Status confirmed => resolved
2004-10-23 12:18 syzop Fixed in Version => 3.2.2
2004-10-23 12:18 syzop Resolution open => fixed
2004-10-23 12:18 syzop Assigned To => syzop
2004-10-23 12:18 syzop Note Added: 0008088
2004-10-23 19:36 syzop Status resolved => closed
2004-10-23 19:36 syzop Note Added: 0008092