Tip of the day: You can exempt users dynamically from server bans, spamfilter, maxperip and other restrictions with the ELINE command on IRC.

Ban IP block

From UnrealIRCd documentation wiki
Jump to navigation Jump to search

This block bans an IP from accessing the server. This is the same as adding a /ZLINE on IRC.

Syntax

ban ip {
	mask <ipmask>;
	reason <reason-for-ban>;
}

The mask parameter is an IP which may contain wildcard characters, and reason is the reason why this ban is being placed.

In UnrealIRCd 6.1.8 and later you can have multiple masks.

Important points

All ban ip { } blocks and ZLINEs are processed very early. When the TCP/IP connection is accepted it is immediately closed with the ban reason sent as an error to the user. All this is done before DNS lookups, ident lookups, and before any TLS handshake.

Therefore:

  • You can only use IP addresses to place bans on
  • Clients using SSL/TLS almost always won't display the actual error message
  • Servers trying to link in to this server are also affected by ZLINEs

In many cases it is better to use the ban user { } block or KLINE instead. The reason ban ip { } and ZLINE exist is because it can be helpful if you are under very heavy drone/flood attacks where the server has to reject tens of thousands of connections per second.

Examples

Single IP

ban ip {
	mask 192.168.1.*;
	reason "Get a real ip u lamer!";
};

Multiple IPs

Requires UnrealIRCd 6.1.8 or later 

ban ip {
    mask { 1.1.1.1; 2.2.2.2; 3.3.3.3; }
    reason "Go away";
}
Retrieved from "https://www.unrealircd.org/docwiki/index.php?title=Ban_IP_block&oldid=14220"