Ban Options
 

News:

29 December 2022 - PtokaX 0.5.3.0 (20th anniversary edition) released...
11 April 2017 - PtokaX 0.5.2.2 released...
8 April 2015 Anti child and anti pedo pr0n scripts are not allowed anymore on this board!
28 September 2015 - PtokaX 0.5.2.1 for Windows 10 IoT released...
3 September 2015 - PtokaX 0.5.2.1 released...
16 August 2015 - PtokaX 0.5.2.0 released...
1 August 2015 - Crowdfunding for ADC protocol support in PtokaX ended. Clearly nobody want ADC support...
30 June 2015 - PtokaX 0.5.1.0 released...
30 April 2015 Crowdfunding for ADC protocol support in PtokaX
26 April 2015 New support hub!
20 February 2015 - PtokaX 0.5.0.3 released...
13 April 2014 - PtokaX 0.5.0.2 released...
23 March 2014 - PtokaX testing version 0.5.0.1 build 454 is available.
04 March 2014 - PtokaX.org sites were temporary down because of DDOS attacks and issues with hosting service provider.

Main Menu

Ban Options

Started by uffetjur, 08 October, 2005, 10:03:34

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

uffetjur

Mowes the discussion from bug reports to this thread:

I think its must be possible to have an option for allowing IP-ranges as an alternativ of banning in ptokax for one or more reasons:

# - I want to run a hub for users only connected to my ISP because : we have unlimited traffic amonhs each other, ISPs outside we have a uge limit to download from. my ISP has several Ip ranges.

# - 2 if you run private hubs with users from 10mbit upload and higher up most of those have static ip,
It would be nice to raise security to only allow certain ip's ip ranges to access

# - 3 Have this  settings in a Firewall, makes it much harder to let ops change wich IP's to be allowed in the hub especially when  running a hub on a remote Server

Im sure users can find other reasons for have this option in ptokax


Somewhere in Cyberspace

Scanning

Why not use:

http://board.univ-angers.fr/thread.php?threadid=4480&boardid=26&styleid=1&sid=e38b7c34cbdb4186dbb95d814bfddad3

Why has it have to be Ptokax that take care of the ip:s?

Someone could easy strip that script to a minimum if it's to complex

uffetjur

#2
zitat:
---------------------------------------------------------------------
Why not use:

http://board.univ-angers.fr/thread.php?t...bb95d814bfddad3

Why has it have to be Ptokax that take care of the ip:s?

Someone could easy strip that script to a minimum if it's to complex
----------------------------------------------------------------------
handling this directly in the soft would speed up the process....


next version of ptokax will contain options for banning ip-ranges... cant be impossible to use some of those functions in reverse direction

and im sure there will be more diskussions like:

- if u can ban a complete range is it possible to allow a single ip in this range?
Somewhere in Cyberspace

bastya_elvtars

Well, uffetjur, all I wanted to say that if you allow a narrow range of IPs it is much better using a firewall. But it is up to you.
Everything could have been anything else and it would have just as much meaning.

uffetjur

#4
well Bastya, im running 5 different hubs on same server, two of them is proposed for my local ISPs users, the rest is worldwide, so configuring my firewall is not an option in this case
Somewhere in Cyberspace

PPK

1 ) Use firewall...
2 ) Use script...
3 ) with new version ban ranges what you don't want to allow :P
"Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris." - Larry Wall

uffetjur

PPK:

If you include an option to allow ip ranges instead of deny ranges
I want an option for my ops to change settings, have this set in a firewall makes that impossible


with deny ranges - will it be possible to allow a single ip in this range ?

for example  !banip 0.0.0.0 - 128.255.255.255
                     !unbanip 98.255.255.255 /
                     !unbanrange 98.0.0.0 - 99.255.255.255 (partial unbanned iprange)
Somewhere in Cyberspace

6Marilyn6Manson6

QuoteOriginally posted by uffetjur
PPK:

If you include an option to allow ip ranges instead of deny ranges
I want an option for my ops to change settings, have this set in a firewall makes that impossible


with deny ranges - will it be possible to allow a single ip in this range ?

for example  !banip 0.0.0.0 - 128.255.255.255
                     !unbanip 98.255.255.255 /
                     !unbanrange 98.0.0.0 - 99.255.255.255 (partial unbanned iprange)

For banrange the best script is rangefucker of bastya_elvtars. C ya

imby

#8
Quotewe have unlimited traffic amonhs each other, ISPs outside we have a uge limit to download from. my ISP has several Ip ranges.

Know it's not relevant to the technical discussion, but get a new ISP, your current one is crap and stingy.

I also don't see why this can't be done with a script.

bastya_elvtars

QuoteOriginally posted by imby

I also don't see why this can't be done with a script.

It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub.
Everything could have been anything else and it would have just as much meaning.

imby

QuoteOriginally posted by bastya_elvtars
QuoteOriginally posted by imby

I also don't see why this can't be done with a script.

It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub.

But he wants his op's to have ability to add ranges, which makes a script the only ideal choice.

uffetjur

#11
zitat:
-----------------------------------------------------------------------
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub
-----------------------------------------------------------------------

This leads to next question - what uses most cpu & mem? hubsoft or a luascript ??

still running 5 hubs on a single PC, 2 of them for local isp network so using firewall is not an option


Zitat:
--------------------------------------------------------------------------------
we have unlimited traffic amonhs each other, ISPs outside we have a uge limit to download from. my ISP has several Ip ranges.
--------------------------------------------------------------------------------

only ISP that delivers fast internet in my neighburghood = +100Mbit
Somewhere in Cyberspace

bastya_elvtars

QuoteOriginally posted by uffetjur
zitat:
-----------------------------------------------------------------------
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub
-----------------------------------------------------------------------

This leads to next question - what uses most cpu & mem? hubsoft or a luascript ??

still running 5 hubs on a single PC, 2 of them for local isp network so using firewall is not an option

Really? You can limit connection to single ports, not just IPs.

For instance, you run hubs on 411 and 4111 and 1411. You can limit IPs connecting to 411 and 4111 but anyone can connect to 1411.
Everything could have been anything else and it would have just as much meaning.

imby

QuoteOriginally posted by uffetjur
zitat:
-----------------------------------------------------------------------
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub
-----------------------------------------------------------------------

This leads to next question - what uses most cpu & mem? hubsoft or a luascript ??

still running 5 hubs on a single PC, 2 of them for local isp network so using firewall is not an option


Zitat:
--------------------------------------------------------------------------------
we have unlimited traffic amonhs each other, ISPs outside we have a uge limit to download from. my ISP has several Ip ranges.
--------------------------------------------------------------------------------

only ISP that delivers fast internet in my neighburghood = +100Mbit

Bit of a big 'catch' though isn't it? ;)

uffetjur

--------------------------------------------------------------------------------
Originally posted by uffetjur
zitat:
-----------------------------------------------------------------------
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub
-----------------------------------------------------------------------

This leads to next question - what uses most cpu & mem? hubsoft or a luascript ??

still running 5 hubs on a single PC, 2 of them for local isp network so using firewall is not an option

--------------------------------------------------------------------------------



Really? You can limit connection to single ports, not just IPs.

For instance, you run hubs on 411 and 4111 and 1411. You can limit IPs connecting to 411 and 4111 but anyone can connect to 1411.



sure can but my ops cant change those settings
Somewhere in Cyberspace

Mardeg

I think he was referring to your firewall being able to limit connections per port. Most good free ones do: Kerio, Sygate, Zonealarm, etc.

bastya_elvtars

QuoteOriginally posted by Mardeg
I think he was referring to your firewall being able to limit connections per port. Most good free ones do: Kerio, Sygate, Zonealarm, etc.

No, I referred to being able to forbid connections to a specified port from certain ranges.
Everything could have been anything else and it would have just as much meaning.

SMF spam blocked by CleanTalk