View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005005 | unreal | ircd | public | 2017-09-11 21:51 | 2024-07-12 11:41 |
| Reporter | HeXiLeD | Assigned To | syzop | ||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | resolved | Resolution | fixed | ||
| Platform | Any | OS | Any | OS Version | Any |
| Product Version | 4.0.13 | ||||
| Fixed in Version | 6.1.7 | ||||
| Summary | 0005005: Block or allow access list to the ircd with geoip | ||||
| Description | I would like to suggest a feature that is quite handy in certain situations. This feature goes beyond the traditional blacklist_block (https://www.unrealircd.org/docs/Blacklist_block) The purpose is to be able to prevent or allow access based on country tld. Should be flexible in order to allow/deny or deny/allow as necessary. A good example can be given with reference to the nginx httpd. ------------------------------------------------- example: default allow all but deny listed geoip_country /usr/share/GeoIP/GeoIP.dat; map $geoip_country_code $allowed_country { default yes; AE no; AF no; AL no; CN no; } example: default deny all but deny listed geoip_country /usr/share/GeoIP/GeoIP.dat; map $geoip_country_code $allowed_country { default no; CH yes; DK yes; UK yes; NL yes; } ------------------------------------------------- Example: configurable options for the conf: #Access policy Default "deny" # Options are "allow|deny"; #Exempted country list from default policy Exemptions { CH yes; # tld yes|no DK yes; UK yes; NL yes; }; ------------------------------------------------- Given the chosen default policy, the yes|no exemption could also be simplified without the need of yes|no. Exemptions { CH, DK, UK, NL }; Side note: flexibility is important. | ||||
| Steps To Reproduce | N/A | ||||
| Tags | access lists, geoip, ircd, privacy, security | ||||
| 3rd party modules | |||||
|
|
I like this request, but I'm not working on it at the moment. |
|
|
GeoIP support is in UnrealIRCd 6. You can for example ban ~country:UK. There's no "ban all except <these countries>" though. |
|
|
Most of this was already done in 6.0.0. But now that the ban user::mask is a mask item in (to be released) 6.0.7 you can do all variations that were mentioned here... In the past you had to use extended server bans, now you can use the direct mask item / security group style: ban user {
mask {
country { NL; FR; }
}
reason "I hate the Dutch and the French";
}
require authentication {
mask {
country { NL; FR; }
}
reason "I hate the Dutch and the French. But you may still connect if you have an account";
}And ban all except can be done like: ban user {
mask {
mask *;
exclude-country { NL; DE; FR; }
}
reason "Users are not allowed from this country";
}(.. and similar in require authentication) |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2017-09-11 21:51 | HeXiLeD | New Issue | |
| 2017-09-11 21:51 | HeXiLeD | Tag Attached: ircd | |
| 2017-09-11 21:51 | HeXiLeD | Tag Attached: security | |
| 2017-09-11 21:51 | HeXiLeD | Tag Attached: access lists | |
| 2017-09-11 21:51 | HeXiLeD | Tag Attached: geoip | |
| 2017-09-11 21:51 | HeXiLeD | Tag Attached: privacy | |
| 2017-11-01 10:22 | syzop | Status | new => confirmed |
| 2017-11-01 10:22 | syzop | Note Added: 0019940 | |
| 2018-12-09 10:01 | syzop | Relationship added | related to 0004429 |
| 2021-11-01 16:45 | syzop | Note Added: 0022149 | |
| 2024-07-12 11:41 | syzop | Assigned To | => syzop |
| 2024-07-12 11:41 | syzop | Status | confirmed => resolved |
| 2024-07-12 11:41 | syzop | Resolution | open => fixed |
| 2024-07-12 11:41 | syzop | Fixed in Version | => 6.1.7 |
| 2024-07-12 11:41 | syzop | Note Added: 0023259 |
