Blacklist block
The blacklist block allows you to use a DNS blacklist (DNSBL). Every user that connects to your server will be checked against the blacklists specified.
Syntax
blacklist <name> {
    dns {
        name <blacklist hostname>;
        type <record|bitmask>;
        reply { <permitted replies> };
    };
    action <action>;
    reason <reason>;
    ban-time <time>;
    recheck <yes|no>;
    except { };
};
First of all, each blacklist has a <name>, which is just a short name for the blacklist block.
Currently the only supported type of blacklist is the DNS blacklist. This is configured via blacklist::dns, which consists of three items: blacklist::dns::name specifies the blacklist zone to query (eg: rbl.efnetrbl.org). blacklist::dns::type defines whether the blacklist is of type record (the reply code must exactly equal one of the listed values) or bitmask (the reply is interpreted as a set of bits); your blacklist should provide this information, and if in doubt use record. Finally, blacklist::dns::reply configures which DNS reply codes are considered a 'match'. Consult the documentation of the blacklist you use, as the codes are blacklist-specific!
The remainder of the blacklist block defines what should be done upon a match: blacklist::action specifies an action, such as kline (see Actions for a full list). blacklist::ban-time defines after how much time the *LINE (if any) should be removed.
blacklist::reason specifies the kill/ban reason shown to the user. You can use the following variables here:
- All standard variables, such as $ip
- $blacklist: name of the blacklist block (eg. xyz for blacklist xyz { })
- $dnsname: the blacklist::dns::name
- $dnsreply: the DNS reply code
blacklist::recheck defaults to yes. It can be set to no if you don't want this blacklist rechecked due to set::blacklist::recheck-time.
You can exempt users from all blacklist checks via the except ban block (with type 'blacklist'). You can also exempt users from this specific blacklist only, via blacklist::except, which is a mask item and therefore supports many matching options.
Example
These are the two blacklists most commonly used:
blacklist efnetrbl {
    dns {
        name rbl.efnetrbl.org;
        type record;
        reply { 1; 4; 5; };
    };
    action gline;
    ban-time 24h;
    reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details.";
};

blacklist dronebl {
    dns {
        name dnsbl.dronebl.org;
        type record;
        reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; };
    };
    action gline;
    ban-time 24h;
    reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details.";
};
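The following is an added worked example, not code from UnrealIRCd or from this page, showing what the server does with the blacklist::dns settings described above and with the two example blocks: how the DNSBL query name is formed from the connecting IP (octets reversed for IPv4, nibbles reversed for IPv6), how the 127.0.0.N reply is turned into a reply code, how that code is matched under type record versus type bitmask, how blacklist::except skips a lookup, and how the $ip/$blacklist/$dnsname/$dnsreply variables are expanded into the reason. It generates no real DNS traffic: the resolver is replaced by a constructed lookup table, and a third, hypothetical bitmask blacklist (bl.example.invalid) is included purely to exercise that type. The bitmask semantics used (match if any configured bit is set in the reply) and the CIDR-only modelling of blacklist::except are assumptions of this example; check the blacklist's own documentation for its real reply codes.

```python
import ipaddress
from string import Template

# The two blacklist blocks from the example above mirrored as dicts, plus a
# hypothetical "bitmask" blacklist (bl.example.invalid is not a real zone) so
# both blacklist::dns::type variants can be exercised. "except" is a
# simplified stand-in for blacklist::except (CIDR masks only).
BLACKLISTS = [
    {"name": "efnetrbl", "dns_name": "rbl.efnetrbl.org", "type": "record",
     "reply": {1, 4, 5}, "action": "gline", "ban_time": "24h",
     "except": ["198.51.100.0/24"],
     "reason": "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details."},
    {"name": "dronebl", "dns_name": "dnsbl.dronebl.org", "type": "record",
     "reply": {3} | set(range(5, 17)),   # 3; 5; 6; ... 16  (4 is deliberately absent)
     "action": "gline", "ban_time": "24h", "except": [],
     "reason": "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details."},
    {"name": "bitdemo", "dns_name": "bl.example.invalid", "type": "bitmask",
     "reply": {2, 8}, "action": "kline", "ban_time": "1h", "except": [],
     "reason": "Listed in $blacklist ($dnsname), reply $dnsreply"},
]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: IPv4 octets reversed, IPv6 nibbles reversed,
    followed by the blacklist zone (the usual DNSBL convention)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def reply_code(record: str):
    """DNSBLs answer with an A record inside 127.0.0.0/8; the last octet is the
    reply code. Anything outside that range (parked/wildcard zones) is ignored."""
    a = ipaddress.ip_address(record)
    if a.version != 4 or a not in ipaddress.ip_network("127.0.0.0/8"):
        return None
    return int(a) & 0xFF


def reply_matches(bl: dict, code: int) -> bool:
    if bl["type"] == "record":
        return code in bl["reply"]                    # exact code must be listed
    # bitmask (assumed semantics): match if any configured bit is set in the reply
    return any(code & mask for mask in bl["reply"])


def is_excepted(ip: str, bl: dict) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(m, strict=False) for m in bl["except"])


# Constructed stand-in for a resolver: query name -> A records. These entries
# are invented for the demonstration; nothing is looked up on the network.
FAKE_DNS = {
    "4.3.2.1.rbl.efnetrbl.org": ["127.0.0.4"],
    "9.113.0.203.rbl.efnetrbl.org": ["127.0.0.2"],        # listed, but reply 2 is not acted on
    "1.0.0.10.dnsbl.dronebl.org": ["127.0.0.4", "127.0.0.13"],  # 4 ignored, 13 matches
    "5.100.51.198.rbl.efnetrbl.org": ["127.0.0.1"],       # would match, but the IP is excepted
    "7.2.0.192.bl.example.invalid": ["127.0.0.10"],       # 0b1010: bit 2 set -> match
    "9.2.0.192.bl.example.invalid": ["127.0.0.5"],        # 0b0101: neither 2 nor 8 -> no match
    dnsbl_query_name("2001:db8::1", "dnsbl.dronebl.org"): ["127.0.0.5"],
}


def fake_resolve(qname: str):
    return FAKE_DNS.get(qname, [])


def check_ip(ip: str, blacklists=BLACKLISTS, resolve=fake_resolve):
    """Check one connecting IP against each blacklist in order and return the
    action for the first match, or None if the IP is clean."""
    for bl in blacklists:
        if is_excepted(ip, bl):
            continue
        qname = dnsbl_query_name(ip, bl["dns_name"])
        for rec in resolve(qname):
            code = reply_code(rec)
            if code is None or not reply_matches(bl, code):
                continue
            reason = Template(bl["reason"]).safe_substitute(
                ip=ip, blacklist=bl["name"], dnsname=bl["dns_name"], dnsreply=code)
            return {"blacklist": bl["name"], "action": bl["action"],
                    "ban_time": bl["ban_time"], "reply": code, "reason": reason}
    return None


if __name__ == "__main__":
    for ip in ("1.2.3.4", "203.0.113.9", "10.0.0.1", "198.51.100.5",
               "192.0.2.7", "192.0.2.9", "2001:db8::1"):
        print(ip, "->", check_ip(ip))
```

Two details worth noticing when running it: 10.0.0.1 is listed at dronebl with reply 4, which the example block does not act on, and is only caught because a second record (13) is also returned; and an IP in blacklist::except never causes a query to that blacklist at all, though it is still checked against the others.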
See also
- Except blacklist block - to exempt an IP from blacklist checks