View Issue Details

IDProjectCategoryView StatusLast Update
0004231unrealircdpublic2018-06-11 08:34
ReporterKindOne Assigned Tosyzop  
Status resolvedResolutionfixed 
Fixed in Version4.0.18 
Summary0004231: Create flags options in allow { }.
DescriptionWould be nice to have some flags options for the allow { } blocks.

These are some I copied from charybdis that I would like to see.

need_ssl -- require people to use ssl to connect.
need_sasl -- require people to use sasl to connect, this can be used in order to help stop bots/people on abusive IP ranges without having to ban the innocent people. The majority of popular IRC clients have built in sasl support or you might have to use a script.

I'm sure some other flags might benefit.

// Example of what I would like to see.
allow {
    // Abusive IP range
    ip *@50.50.*.*;
    hostname *@*;
    class clients;
    maxperip 5;
    flags need_sasl;
TagsNo tags attached.
3rd party modules



2013-08-09 17:35

reporter   ~0017741



2013-08-10 00:49

reporter   ~0017743

+1 from me too, however I think instead of an additional allow::flags option/block, why not have them as additional options in the already existing allow::options sub block?

This idea could also be expanded as "exception" flags to ban * {} blocks, eg if you match say a ban ip block, and it has the sasl exception option in the ban ip block, then the ban ip block would be ignored.


2013-12-09 19:04

reporter   ~0017858

doesn't allow::options::ssl work for allow::flags::need_ssl ?


2016-06-13 03:42

reporter   ~0019319

Any news about this? It is a really good idea.


2016-06-13 22:18


It'd be nice if that allow block for the IP part would allow IP blocks (CIDR notation). You mention SASL only, some networks find that useful to restrict cellular 3G/4G networks to SASL auth only to prevent abuse, and I feel CIDR notation would be easier and a better representation of said IP ranges.


2018-06-11 08:34

administrator   ~0020140

After 4.5 years... ;)

allow::options::ssl already was there but this adds allow::options::sasl

Also, and this was before I had read this bug report, I have made two synonyms so that 'ssl' also exists as 'require-ssl' and 'sasl' exists as 'require-sasl'. We may want to phase out the ones without require in the docs and everywhere sometime... the require-* makes it a bit more clear.

commit cd6d7a2bb7967092f303dfd7fe09cf8748c12d39
Author: Bram Matthys <[email protected]>
Date: Mon Jun 11 08:22:29 2018 +0200

    Add allow::options::sasl (or require-sasl) to require SASL authentication
    as suggested in
    The allow block documentation has been updated, including an example at
    the end of the page -

Issue History

Date Modified Username Field Change
2013-08-08 18:53 KindOne New Issue
2013-08-09 17:35 katsklaw Note Added: 0017741
2013-08-10 00:49 Jobe Note Added: 0017743
2013-12-09 19:04 bekarfel Note Added: 0017858
2014-03-14 01:14 peterkingalexander Issue cloned: 0004273
2016-06-13 03:42 NoMiaus Note Added: 0019319
2016-06-13 22:18 user7720 Note Added: 0019324
2018-06-11 08:34 syzop Assigned To => syzop
2018-06-11 08:34 syzop Status new => resolved
2018-06-11 08:34 syzop Resolution open => fixed
2018-06-11 08:34 syzop Note Added: 0020140
2018-06-11 08:34 syzop Fixed in Version => 4.0.18