Tip of the day: Connthrottle will limit the damage from big drone attacks. Check if the flood thresholds and exceptions are OK for your network.

Blacklist block

From UnrealIRCd documentation wiki
Jump to navigation Jump to search
This page contains changes which are not marked for translation.
Other languages:
  • English

The blacklist block allows you to use a DNS blacklist (DNSBL). Every user that connects to your server will be checked against the blacklists specified.

Syntax

blacklist <name> {
        dns {
                name <blacklist hostname>;
                type <record|bitmask>;
                reply { <permitted replies> };
        };
        action <action>;
        reason <reason>;
        ban-time <time>;
        recheck <yes|no>;
        except { }
};

First of all, each blacklist has a <name>, which is just a short name for the blacklist block.

Currently the only supported type of blacklists are DNS blacklists. This is configured via blacklist::dns which consists of three items: blacklist::dns::name specifies the blacklist to use (eg: rbl.efnetrbl.org). blacklist::dns::type defines if the blacklist is of type record or bitmask, your blacklist should provide this info, if in doubts then use record. Finally, blacklist::dns::reply configures which DNS replies are considered a 'match'. Consult the documentation of the blacklist you use, as they are blacklist-specific!

The remainder of the blacklist block defines what should be done upon a match: blacklist::action specifies an action, such as kline (see Actions for a full list). blacklist::ban-time defines after how much time the *LINE (if any) should be removed.

blacklist::reason specifies the kill/ban reason shown to the user. You can use the following variables in this field, which will be replaced:

  • $ip: IP address of the banned user
  • $server: name of the IRC server
  • $blacklist: name of the blacklist block (eg. xyz for blacklist xyz { })
  • $dnsname: the blacklist::dns::name
  • $dnsreply: DNS reply code

blacklist::recheck defaults to yes. It can be set to no if you don't want this blacklist rechecked due to set::blacklist::recheck-time.

You can exempt users from all blacklist checks via the except ban block (with type 'blacklist'). You can also only filter out users for this specific blacklist, via blacklist::except, which is a mask item so has lots of options.

Example

These are the two most common blacklists that users use: 

blacklist efnetrbl {
        dns {
                name rbl.efnetrbl.org;
                type record;
                reply { 1; 4; 5; };
        };
        action gline;
        ban-time 24h;
        reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details.";
};

blacklist dronebl {
        dns {
                name dnsbl.dronebl.org;
                type record;
                reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; };
        };
        action gline;
        ban-time 24h;
        reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details.";
};

See also

Retrieved from "https://www.unrealircd.org/docwiki/index.php?title=Blacklist_block&oldid=13572"