PtokaX forum

PtokaX => Support => Topic started by: uffetjur on 08 October, 2005, 10:03:34

Title: Ban Options
Post by: uffetjur on 08 October, 2005, 10:03:34
Moves the discussion from bug reports to this thread:

I think it must be possible to have an option for allowing IP ranges as an alternative to banning in PtokaX, for one or more reasons:

# - I want to run a hub only for users connected to my ISP, because we have unlimited traffic among each other; ISPs outside we have a huge limit to download from. My ISP has several IP ranges.

# - 2 If you run private hubs with users from 10mbit upload and higher up, most of those have static IPs.
It would be nice to raise security to only allow certain IPs or IP ranges to access.

# - 3 Having this setting in a firewall makes it much harder to let ops change which IPs are allowed in the hub, especially when running a hub on a remote server.

I'm sure users can find other reasons for having this option in PtokaX.


Title:
Post by: Scanning on 08 October, 2005, 10:26:25
Why not use:

http://board.univ-angers.fr/thread.php?threadid=4480&boardid=26&styleid=1&sid=e38b7c34cbdb4186dbb95d814bfddad3

Why does it have to be PtokaX that takes care of the IPs?

Someone could easily strip that script to a minimum if it's too complex
Title:
Post by: uffetjur on 08 October, 2005, 11:43:45
Quote:
---------------------------------------------------------------------
Why not use:

http://board.univ-angers.fr/thread.php?t...bb95d814bfddad3

Why does it have to be PtokaX that takes care of the IPs?

Someone could easily strip that script to a minimum if it's too complex
----------------------------------------------------------------------
Handling this directly in the soft would speed up the process....


The next version of PtokaX will contain options for banning IP ranges... it can't be impossible to use some of those functions in the reverse direction

and I'm sure there will be more discussions like:

- if you can ban a complete range, is it possible to allow a single IP in this range?
Title:
Post by: bastya_elvtars on 08 October, 2005, 13:20:40
Well, uffetjur, all I wanted to say is that if you allow a narrow range of IPs, it is much better to use a firewall. But it is up to you.
Title:
Post by: uffetjur on 08 October, 2005, 14:04:06
Well Bastya, I'm running 5 different hubs on the same server; two of them are proposed for my local ISP's users, the rest are worldwide, so configuring my firewall is not an option in this case
Title:
Post by: PPK on 08 October, 2005, 18:52:19
1 ) Use firewall...
2 ) Use script...
3 ) with new version ban ranges what you don't want to allow :P
Title:
Post by: uffetjur on 09 October, 2005, 08:34:40
PPK:

If you include an option to allow IP ranges instead of deny ranges,
I want an option for my ops to change settings; having this set in a firewall makes that impossible


with deny ranges - will it be possible to allow a single ip in this range ?

for example  !banip 0.0.0.0 - 128.255.255.255
                     !unbanip 98.255.255.255 /
                     !unbanrange 98.0.0.0 - 99.255.255.255 (partial unbanned iprange)
Title:
Post by: 6Marilyn6Manson6 on 09 October, 2005, 13:09:40
Quote: Originally posted by uffetjur
PPK:

If you include an option to allow IP ranges instead of deny ranges,
I want an option for my ops to change settings; having this set in a firewall makes that impossible


with deny ranges - will it be possible to allow a single ip in this range ?

for example  !banip 0.0.0.0 - 128.255.255.255
                     !unbanip 98.255.255.255 /
                     !unbanrange 98.0.0.0 - 99.255.255.255 (partial unbanned iprange)

For banrange the best script is rangefucker of bastya_elvtars. C ya
Title:
Post by: imby on 09 October, 2005, 13:57:10
Quote: we have unlimited traffic among each other, ISPs outside we have a huge limit to download from. my ISP has several IP ranges.

Know it's not relevant to the technical discussion, but get a new ISP, your current one is crap and stingy.

I also don't see why this can't be done with a script.
Title:
Post by: bastya_elvtars on 09 October, 2005, 14:10:12
Quote: Originally posted by imby

I also don't see why this can't be done with a script.

It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub.
Title:
Post by: imby on 09 October, 2005, 19:12:45
Quote: Originally posted by bastya_elvtars
Quote: Originally posted by imby

I also don't see why this can't be done with a script.

It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub.

But he wants his ops to have the ability to add ranges, which makes a script the only ideal choice.
Title:
Post by: uffetjur on 09 October, 2005, 19:22:33
Quote:
-----------------------------------------------------------------------
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub
-----------------------------------------------------------------------

This leads to next question - what uses most cpu & mem? hubsoft or a luascript ??

still running 5 hubs on a single PC, 2 of them for local isp network so using firewall is not an option


Quote:
--------------------------------------------------------------------------------
we have unlimited traffic among each other, ISPs outside we have a huge limit to download from. my ISP has several IP ranges.
--------------------------------------------------------------------------------

only ISP that delivers fast internet in my neighbourhood = +100Mbit
Title:
Post by: bastya_elvtars on 09 October, 2005, 20:34:33
Quote: Originally posted by uffetjur
Quote:
-----------------------------------------------------------------------
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub
-----------------------------------------------------------------------

This leads to next question - what uses most cpu & mem? hubsoft or a luascript ??

still running 5 hubs on a single PC, 2 of them for local isp network so using firewall is not an option

Really? You can limit connection to single ports, not just IPs.

For instance, you run hubs on 411 and 4111 and 1411. You can limit IPs connecting to 411 and 4111 but anyone can connect to 1411.
Title:
Post by: imby on 09 October, 2005, 21:37:29
Quote: Originally posted by uffetjur
Quote:
-----------------------------------------------------------------------
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub
-----------------------------------------------------------------------

This leads to next question - what uses most cpu & mem? hubsoft or a luascript ??

still running 5 hubs on a single PC, 2 of them for local isp network so using firewall is not an option


Quote:
--------------------------------------------------------------------------------
we have unlimited traffic among each other, ISPs outside we have a huge limit to download from. my ISP has several IP ranges.
--------------------------------------------------------------------------------

only ISP that delivers fast internet in my neighbourhood = +100Mbit

Bit of a big 'catch' though isn't it? ;)
Title:
Post by: uffetjur on 10 October, 2005, 18:14:01
--------------------------------------------------------------------------------
Originally posted by uffetjur
Quote:
-----------------------------------------------------------------------
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub
-----------------------------------------------------------------------

This leads to next question - what uses most cpu & mem? hubsoft or a luascript ??

still running 5 hubs on a single PC, 2 of them for local isp network so using firewall is not an option

--------------------------------------------------------------------------------



Really? You can limit connection to single ports, not just IPs.

For instance, you run hubs on 411 and 4111 and 1411. You can limit IPs connecting to 411 and 4111 but anyone can connect to 1411.



Sure can, but my ops can't change those settings
Title:
Post by: Mardeg on 10 October, 2005, 22:58:39
I think he was referring to your firewall being able to limit connections per port. Most good free ones do: Kerio, Sygate, Zonealarm, etc.
Title:
Post by: bastya_elvtars on 10 October, 2005, 23:17:26
Quote: Originally posted by Mardeg
I think he was referring to your firewall being able to limit connections per port. Most good free ones do: Kerio, Sygate, Zonealarm, etc.

No, I referred to being able to forbid connections to a specified port from certain ranges.
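
The per-hub allow/deny decision discussed in this thread (ban a range, then unban one IP or sub-range inside it; allow only the ISP's ranges on some hubs), sketched as an added example that is not part of any post and is not PtokaX's or any poster's code. It is plain Lua with no hub API calls; the function names, the two hub tables and the ISP ranges are assumptions, and the narrowest-range-wins rule is one possible answer to the question asked above, not a description of what PtokaX does.

```lua
-- Added example, not PtokaX code: per-hub IP range policy in plain Lua 5.1+.
-- Every name here (ip_to_num, rule, decide, the hub tables) is hypothetical.
-- Convert dotted-quad IPv4 text to a number; nil if malformed.
local function ip_to_num(ip)
  local a, b, c, d = string.match(ip, "^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
  if not a then return nil end
  a, b, c, d = tonumber(a), tonumber(b), tonumber(c), tonumber(d)
  if a > 255 or b > 255 or c > 255 or d > 255 then return nil end
  return a * 16777216 + b * 65536 + c * 256 + d
end

-- Build a rule; a single address is a range of width zero.
local function rule(action, first, last)
  local lo, hi = ip_to_num(first), ip_to_num(last or first)
  assert(lo and hi and lo <= hi, "bad range: " .. tostring(first))
  return { action = action, lo = lo, hi = hi }
end

-- The narrowest matching range wins, so an unban inside a banned range is
-- honoured; on equal width "deny" wins. No match falls back to the default.
local function decide(hub, ip)
  local n = ip_to_num(ip)
  if not n then return "deny" end -- unparsable address: fail closed
  local best
  for _, r in ipairs(hub.rules) do
    local width = r.hi - r.lo
    if n >= r.lo and n <= r.hi and (not best or width < best.width
        or (width == best.width and r.action == "deny")) then
      best = { width = width, action = r.action }
    end
  end
  return best and best.action or hub.default
end

-- Worldwide hub: the ranges from the thread's !banip / !unbanrange example.
local world = { default = "allow", rules = {
  rule("deny", "0.0.0.0", "128.255.255.255"),
  rule("allow", "98.0.0.0", "99.255.255.255"),
} }
-- ISP-only hub: default deny; constructed documentation ranges (RFC 5737).
local isp = { default = "deny", rules = {
  rule("allow", "192.0.2.0", "192.0.2.255"),
  rule("allow", "198.51.100.0", "198.51.100.255"),
  rule("deny", "198.51.100.66"), -- one banned user inside an allowed range
} }

for _, ip in ipairs({ "98.255.255.255", "100.1.2.3", "198.51.100.66", "203.0.113.9" }) do
  print(ip, "world=" .. decide(world, ip), "isp=" .. decide(isp, ip))
end
```

A check like this runs only after the client has connected, so it keeps the login traffic and CPU cost mentioned earlier in the thread; a firewall rule scoped to one hub's port drops the connection before the hub sees it.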