Translations:Configuration/40/en

From UnrealIRCd documentation wiki

Blacklist block

<translate> The blacklist block allows you to use a DNS blacklist (DNSBL). Every user that connects to your server will be checked against the blacklists specified.

Syntax

blacklist <name> {
        dns {
                name <blacklist hostname>;
                type <record|bitmask>;
                reply { <permitted replies> };
        };
        action <action>;
        reason <reason>;
        ban-time <time>;
        recheck <yes|no>;
        except { };
};

First of all, each blacklist has a <name>, which is just a short name for the blacklist block.

Currently the only supported type of blacklist is the DNS blacklist. It is configured via blacklist::dns, which consists of three items: blacklist::dns::name specifies the blacklist to use (e.g. rbl.efnetrbl.org). blacklist::dns::type defines whether the blacklist is of type record or bitmask; your blacklist should provide this information, and if in doubt, use record. Finally, blacklist::dns::reply configures which DNS replies are considered a 'match'. Consult the documentation of the blacklist you use, as these values are blacklist-specific!

The remainder of the blacklist block defines what should be done upon a match: blacklist::action specifies an action, such as kline (see Actions for a full list). blacklist::ban-time defines after how much time the *LINE (if any) should be removed.

blacklist::reason specifies the kill/ban reason shown to the user. You can use the following variables here:

  • All Standard variables such as $ip
  • $blacklist: name of the blacklist block (eg. xyz for blacklist xyz { })
  • $dnsname: the blacklist::dns::name
  • $dnsreply: DNS reply code

blacklist::recheck defaults to yes. It can be set to no if you don't want this blacklist to be rechecked as a result of set::blacklist::recheck-time.

You can exempt users from all blacklist checks via the except ban block (with type 'blacklist'). You can also exempt users from this specific blacklist only, via blacklist::except, which is a mask item and therefore has many options.

Example

These are the two most commonly used blacklists:

blacklist efnetrbl {
        dns {
                name rbl.efnetrbl.org;
                type record;
                reply { 1; 4; 5; };
        };
        action gline;
        ban-time 24h;
        reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details.";
};

blacklist dronebl {
        dns {
                name dnsbl.dronebl.org;
                type record;
                reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; };
        };
        action gline;
        ban-time 24h;
        reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details.";
};
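
How a DNSBL answer maps onto blacklist::dns::type and blacklist::dns::reply, as an added Python sketch (not UnrealIRCd's own code, and not part of the original page). It follows the conventional DNSBL scheme of RFC 5782; the function names, the sample answers and the bitmask reply list are constructed for illustration, and no DNS query is made.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed address labels + blacklist zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer  # e.g. 7.2.0.192.in-addr.arpa
    return rev.rsplit(".", 2)[0] + "." + zone       # swap the arpa suffix for the zone

def reply_matches(answer, bl_type, replies):
    """Decide whether one A-record answer counts as a match.

    record:  the last octet must equal one of the configured replies.
    bitmask: the last octet is a set of flags; any configured bit being set matches.
    """
    addr = ipaddress.IPv4Address(answer)
    # Assumption of this sketch: answers outside 127.0.0.0/8 are not listing
    # codes (RFC 5782) and are ignored rather than turned into a ban.
    if addr not in ipaddress.IPv4Network("127.0.0.0/8"):
        return False
    code = int(addr) & 0xFF
    if bl_type == "record":
        return code in replies
    if bl_type == "bitmask":
        return any(code & r for r in replies)
    raise ValueError("type must be 'record' or 'bitmask'")

if __name__ == "__main__":
    efnetrbl = [1, 4, 5]  # reply list from the efnetrbl block above
    print(dnsbl_query_name("192.0.2.7", "rbl.efnetrbl.org"))
    # Constructed answers, not real lookups:
    for answer in ("127.0.0.4", "127.0.0.2"):
        print(answer, reply_matches(answer, "record", efnetrbl))
    # Hypothetical bitmask list: 127.0.0.10 has bits 2 and 8 set.
    print(reply_matches("127.0.0.10", "bitmask", [2]))
    print(reply_matches("127.0.0.10", "record", [2]))
```

The last two calls show why the type matters: the same answer matches a reply of 2 under bitmask but not under record.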

</translate>