Ban IP block
This block bans an IP from accessing the server. This is the same as adding a /ZLINE on IRC.
Syntax
ban ip {
    mask <ipmask>;
    reason <reason-for-ban>;
};
The mask parameter is an IP which may contain wildcard characters, and reason is the reason why this ban is being placed.
Important points
All ban ip { } blocks and ZLINEs are processed very early. When the TCP/IP connection is accepted it is immediately closed with the ban reason sent as an error to the user. All this is done before DNS lookups, ident lookups, and before any TLS handshake.
Therefore:
- You can only place bans on IP addresses
- Clients using SSL/TLS almost always won't display the actual error message
- Servers trying to link in to this server are also affected by ZLINEs
In many cases it is better to use the ban user { } block or KLINE instead. ban ip { } and ZLINE exist because they can be helpful if you are under very heavy drone/flood attacks where the server has to reject tens of thousands of connections per second.
Example
ban ip {
    mask 192.168.1.*;
    reason "Get a real ip u lamer!";
};
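The following audit script is an added example, not part of UnrealIRCd or of the original page. It checks ban ip { } blocks against two of the points above: masks must be IP addresses, and a mask that covers a linked server's address will reject that server too. The function names, the quoted-reason assumption, the `*`/`?` wildcard semantics and the sample server list are assumptions made for illustration.

```python
import re

# Matches the ban ip { mask ...; reason "..."; }; form shown on this page.
# Assumption: the reason is always written as a quoted string.
BAN_IP_RE = re.compile(
    r'ban\s+ip\s*\{\s*mask\s+("?)([^";\s]+)\1\s*;\s*reason\s+"([^"]*)"\s*;\s*\}\s*;',
    re.S,
)
# Character-level check only: IPv4/IPv6 address characters plus wildcards.
IP_MASK_CHARS = re.compile(r'^[0-9A-Fa-f.:*?]+$')


def wildcard_match(mask, ip):
    """Assumed semantics: '*' matches any run of characters, '?' exactly one."""
    pattern = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in mask
    )
    return re.fullmatch(pattern, ip, re.I) is not None


def audit_ban_ip(conf_text, server_ips):
    """Return (mask, problem) findings for every ban ip block in conf_text."""
    findings = []
    for _quote, mask, _reason in BAN_IP_RE.findall(conf_text):
        if not IP_MASK_CHARS.match(mask):
            # The ban is applied before DNS lookups, so a hostname never matches.
            findings.append((mask, "not an IP mask; no DNS lookup happens here"))
            continue
        for name, ip in server_ips.items():
            if wildcard_match(mask, ip):
                findings.append((mask, f"also rejects linking server {name} ({ip})"))
    return findings


# Constructed sample input: the config text and link addresses are made up.
SAMPLE_CONF = '''
ban ip { mask 192.168.1.*; reason "Get a real ip u lamer!"; };
ban ip { mask *.example.net; reason "hostname mask"; };
ban ip { mask 203.0.113.7; reason "flood source"; };
'''
SAMPLE_SERVERS = {"hub.example.org": "192.168.1.20", "leaf.example.org": "198.51.100.5"}

if __name__ == "__main__":
    for mask, problem in audit_ban_ip(SAMPLE_CONF, SAMPLE_SERVERS):
        print(f"{mask}: {problem}")
```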