View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005506 | unreal | ircd | public | 2019-12-23 17:37 | 2022-05-25 15:32 |
| Reporter | westor | Assigned To | syzop | ||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 5.0.0 | ||||
| Fixed in Version | 6.0.4-rc1 | ||||
| Summary | 0005506: Add "except-webirc;" in Blacklist + Restrict-commands + Connthrottle modules | ||||
| Description | Hello, I wanna suggest an except option if it is possible to be added into Blacklist and Restrict-commands and Connthrottle modules especially for webirc NEW USERS, and i am gonna explain why it is very useful that missing right now. In blacklist module, when a webirc (new user) is trying to connect but matched in that module in a specific DNSBL but that dnsbl is useful, there is not a way right now to except this user instead of /ELINE and this is not 100% correctly because it may not be someone from the admin team online to add it. In restrict-commands, when you wanna protect your network by restricting some of USERCMDS due connecting right now there is not any option to except webirc new users in result to match them too, so if you add for example JOIN in restrict command on connect for 10s it matches and webirc clients, this could be solved if "exempt-webirc yes;" exists. In connthrottle, when it is enabled due high proxy attack it will reject and the webirc (new users) to connect too, in this case if "webirc-bypass yes;" under known-users exists would solve it. - Thanks! | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
Dropping as target for 5.0.1, sorry. |
|
|
This issue inspired me to not to duplicate the same code but to extend security-group functionality to "mask" and "except". I have now added/transformed: antirandom, antimixedutf8, connthrottle and restrict-commands to accept the same items as exist in the security-group block, see https://github.com/unrealircd/unrealircd/blob/unreal60_dev/doc/RELEASE-NOTES.md#unrealircd-604-git For restrict-commands see the updated examples in example.conf: https://github.com/unrealircd/unrealircd/blob/unreal60_dev/doc/conf/examples/example.conf#L500-L530 And same for connthrottle: https://github.com/unrealircd/unrealircd/blob/unreal60_dev/doc/conf/examples/example.conf#L546-L564 You can now use the following within an except block there: webirc yes; The blacklist { } block still needs to be done (for per-blacklist basis), and except ban { } too (for exempting all blacklists). In the meantime you can use this though: except ban { mask ~security-group:webirc-users; type blacklist; }And then later I will make this work (IT DOES NOT WORK YET): except ban { mask { webirc yes; } type blacklist; } |
|
|
commit c0374862632867e3bafa41e27ee1136fe0ded73c (HEAD -> unreal60_dev, origin/unreal60_dev, origin/HEAD) Author: Bram Matthys <[email protected]> Date: Sun May 15 15:13:19 2022 +0200 Add blacklist::except for exempting users from individual blacklists, this is a https://www.unrealircd.org/docs/Mask_item so very flexible. Note that most people would want to use except ban { } instead to simply exempt from ALL blacklists. (that one does not yet have the flexible mask capability though.. but it wil have it soon..) |
|
|
except ban { mask { webirc yes; } type blacklist; } works too now:commit 7ff4a3e8971d0f87efe94e56f0c3dde56e217e08 Author: Bram Matthys <[email protected]> Date: Wed May 25 07:49:11 2022 +0200 Add the promised support of security group functionality in except ban { } So now the example in the release notes actually works: except ban { mask { security-group irccloud; } type { blacklist; connect-flood; handshake-data-flood; } } |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-12-23 17:37 | westor | New Issue | |
| 2019-12-28 09:45 | syzop | Target Version | => 5.0.1 |
| 2020-01-02 16:40 | syzop | Target Version | 5.0.1 => |
| 2020-01-02 16:40 | syzop | Note Added: 0021193 | |
| 2020-01-10 08:42 | syzop | Priority | high => normal |
| 2022-05-14 19:24 | syzop | Note Added: 0022483 | |
| 2022-05-14 19:25 | syzop | Note Edited: 0022483 | |
| 2022-05-15 15:17 | syzop | Note Added: 0022486 | |
| 2022-05-25 15:32 | syzop | Assigned To | => syzop |
| 2022-05-25 15:32 | syzop | Status | new => resolved |
| 2022-05-25 15:32 | syzop | Resolution | open => fixed |
| 2022-05-25 15:32 | syzop | Fixed in Version | => 6.0.4-rc1 |
| 2022-05-25 15:32 | syzop | Note Added: 0022516 | |
| 2022-05-25 15:32 | syzop | Note Edited: 0022516 | |
| 2022-05-25 15:32 | syzop | Note Edited: 0022516 |
