Mowes the discussion from bug reports to this thread:
I think its must be possible to have an option for allowing IP-ranges as an alternativ of banning in ptokax for one or more reasons:
# - I want to run a hub for users only connected to my ISP because : we have unlimited traffic amonhs each other, ISPs outside we have a uge limit to download from. my ISP has several Ip ranges.
# - 2 if you run private hubs with users from 10mbit upload and higher up most of those have static ip,
It would be nice to raise security to only allow certain ip's ip ranges to access
# - 3 Have this settings in a Firewall, makes it much harder to let ops change wich IP's to be allowed in the hub especially when running a hub on a remote Server
Im sure users can find other reasons for have this option in ptokax
Why not use:
http://board.univ-angers.fr/thread.php?threadid=4480&boardid=26&styleid=1&sid=e38b7c34cbdb4186dbb95d814bfddad3
Why has it have to be Ptokax that take care of the ip:s?
Someone could easy strip that script to a minimum if it's to complex
zitat:
---------------------------------------------------------------------
Why not use:
http://board.univ-angers.fr/thread.php?t...bb95d814bfddad3
Why has it have to be Ptokax that take care of the ip:s?
Someone could easy strip that script to a minimum if it's to complex
----------------------------------------------------------------------
handling this directly in the soft would speed up the process....
next version of ptokax will contain options for banning ip-ranges... cant be impossible to use some of those functions in reverse direction
and im sure there will be more diskussions like:
- if u can ban a complete range is it possible to allow a single ip in this range?
Well, uffetjur, all I wanted to say that if you allow a narrow range of IPs it is much better using a firewall. But it is up to you.
well Bastya, im running 5 different hubs on same server, two of them is proposed for my local ISPs users, the rest is worldwide, so configuring my firewall is not an option in this case
1 ) Use firewall...
2 ) Use script...
3 ) with new version ban ranges what you don't want to allow :P
PPK:
If you include an option to allow ip ranges instead of deny ranges
I want an option for my ops to change settings, have this set in a firewall makes that impossible
with deny ranges - will it be possible to allow a single ip in this range ?
for example !banip 0.0.0.0 - 128.255.255.255
!unbanip 98.255.255.255 /
!unbanrange 98.0.0.0 - 99.255.255.255 (partial unbanned iprange)
QuoteOriginally posted by uffetjur
PPK:
If you include an option to allow ip ranges instead of deny ranges
I want an option for my ops to change settings, have this set in a firewall makes that impossible
with deny ranges - will it be possible to allow a single ip in this range ?
for example !banip 0.0.0.0 - 128.255.255.255
!unbanip 98.255.255.255 /
!unbanrange 98.0.0.0 - 99.255.255.255 (partial unbanned iprange)
For banrange the best script is rangefucker of bastya_elvtars. C ya
Quotewe have unlimited traffic amonhs each other, ISPs outside we have a uge limit to download from. my ISP has several Ip ranges.
Know it's not relevant to the technical discussion, but get a new ISP, your current one is crap and stingy.
I also don't see why this can't be done with a script.
QuoteOriginally posted by imby
I also don't see why this can't be done with a script.
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub.
QuoteOriginally posted by bastya_elvtars
QuoteOriginally posted by imby
I also don't see why this can't be done with a script.
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub.
But he wants his op's to have ability to add ranges, which makes a script the only ideal choice.
zitat:
-----------------------------------------------------------------------
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub
-----------------------------------------------------------------------
This leads to next question - what uses most cpu & mem? hubsoft or a luascript ??
still running 5 hubs on a single PC, 2 of them for local isp network so using firewall is not an option
Zitat:
--------------------------------------------------------------------------------
we have unlimited traffic amonhs each other, ISPs outside we have a uge limit to download from. my ISP has several Ip ranges.
--------------------------------------------------------------------------------
only ISP that delivers fast internet in my neighburghood = +100Mbit
QuoteOriginally posted by uffetjur
zitat:
-----------------------------------------------------------------------
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub
-----------------------------------------------------------------------
This leads to next question - what uses most cpu & mem? hubsoft or a luascript ??
still running 5 hubs on a single PC, 2 of them for local isp network so using firewall is not an option
Really? You can limit connection to single ports, not just IPs.
For instance, you run hubs on 411 and 4111 and 1411. You can limit IPs connecting to 411 and 4111 but anyone can connect to 1411.
QuoteOriginally posted by uffetjur
zitat:
-----------------------------------------------------------------------
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub
-----------------------------------------------------------------------
This leads to next question - what uses most cpu & mem? hubsoft or a luascript ??
still running 5 hubs on a single PC, 2 of them for local isp network so using firewall is not an option
Zitat:
--------------------------------------------------------------------------------
we have unlimited traffic amonhs each other, ISPs outside we have a uge limit to download from. my ISP has several Ip ranges.
--------------------------------------------------------------------------------
only ISP that delivers fast internet in my neighburghood = +100Mbit
Bit of a big 'catch' though isn't it? ;)
--------------------------------------------------------------------------------
Originally posted by uffetjur
zitat:
-----------------------------------------------------------------------
It can be done with a script, as stated above. Just if you use a firewall, no traffic will be generated, otherwise the login process will generate traffic, also requires more CPU power. The firewall way prevents those ranges from even seeing the hub
-----------------------------------------------------------------------
This leads to next question - what uses most cpu & mem? hubsoft or a luascript ??
still running 5 hubs on a single PC, 2 of them for local isp network so using firewall is not an option
--------------------------------------------------------------------------------
Really? You can limit connection to single ports, not just IPs.
For instance, you run hubs on 411 and 4111 and 1411. You can limit IPs connecting to 411 and 4111 but anyone can connect to 1411.
sure can but my ops cant change those settings
I think he was referring to your firewall being able to limit connections per port. Most good free ones do: Kerio, Sygate, Zonealarm, etc.
QuoteOriginally posted by Mardeg
I think he was referring to your firewall being able to limit connections per port. Most good free ones do: Kerio, Sygate, Zonealarm, etc.
No, I referred to being able to forbid connections to a specified port from certain ranges.