View Issue Details

IDProjectCategoryView StatusLast Update
0005005unrealircdpublic2021-11-01 16:45
ReporterHeXiLeD Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status confirmedResolutionopen 
PlatformAnyOSAnyOS VersionAny
Product Version4.0.13 
Summary0005005: Block or allow access list to the ircd with geoip
DescriptionI would like to suggest a feature that is quite handy in certain situations.
This feature goes beyond the traditional blacklist_block (https://www.unrealircd.org/docs/Blacklist_block)

The purpose is to be able to prevent or allow access based on country tld.

Should be flexible in order to allow/deny or deny/allow as necessary.

A good example can be given with reference to the nginx httpd.

-------------------------------------------------

example: default allow all but deny listed

        geoip_country /usr/share/GeoIP/GeoIP.dat;
        map $geoip_country_code $allowed_country {
        default yes;
        AE no;
        AF no;
        AL no;
        CN no;
       }

example: default deny all but deny listed

        geoip_country /usr/share/GeoIP/GeoIP.dat;
        map $geoip_country_code $allowed_country {
        default no;
        CH yes;
        DK yes;
        UK yes;
        NL yes;
       }

-------------------------------------------------

Example: configurable options for the conf:

 #Access policy
               Default "deny" # Options are "allow|deny";
 
 #Exempted country list from default policy
               Exemptions {
                            CH yes; # tld yes|no
                            DK yes;
                            UK yes;
                            NL yes;
                          };
 
-------------------------------------------------

Given the chosen default policy, the yes|no exemption could also be simplified without the need of yes|no.
               Exemptions { CH, DK, UK, NL };

Side note: flexibility is important.
Steps To ReproduceN/A
Tagsaccess lists, geoip, ircd, privacy, security
3rd party modules

Relationships

related to 0004429 acknowledgedsyzop Ideas - Country Name Support 

Activities

syzop

2017-11-01 10:22

administrator   ~0019940

I like this request, but I'm not working on it at the moment.

syzop

2021-11-01 16:45

administrator   ~0022149

GeoIP support is in UnrealIRCd 6. You can for example ban ~country:UK. There's no "ban all except <these countries>" though.

Issue History

Date Modified Username Field Change
2017-09-11 21:51 HeXiLeD New Issue
2017-09-11 21:51 HeXiLeD Tag Attached: ircd
2017-09-11 21:51 HeXiLeD Tag Attached: security
2017-09-11 21:51 HeXiLeD Tag Attached: access lists
2017-09-11 21:51 HeXiLeD Tag Attached: geoip
2017-09-11 21:51 HeXiLeD Tag Attached: privacy
2017-11-01 10:22 syzop Status new => confirmed
2017-11-01 10:22 syzop Note Added: 0019940
2018-12-09 10:01 syzop Relationship added related to 0004429
2021-11-01 16:45 syzop Note Added: 0022149