ngircd
ngircd copied to clipboard
ngircd
Ability to permanently KLine and block nicks from server config
(Report imported from Bugzilla #114)
Status ASSIGNED, severity enhancement, in component Daemon. Reported in version unspecified on platform All. Assigned to: Alexander Barton.
On 2011-07-11 23:23:47 +0200, Yogis Bard wrote:
There should be a way on the server, through the config, to ban/block certain nicks from being used like all *serv nicks to prevent abuse when services aren't used.
On 2011-07-11 23:55:39 +0200, James Kirwill wrote:
+1
That would be really cool to prevent juping while having a netsplit.
On 2011-07-19 10:33:05 +0200, Alexander Barton wrote:
I agree with you and will have a look at it.
Up to today, you only can use TCP wrappers (/etc/hosts.{allow|deny}) and your firewall to limit access, a network-wide solution would be handy.
Some ideas for the semantic? How to add and to remove entries? And how to sync between servers?
On 2011-07-22 19:23:50 +0200, Yogis Bard wrote:
I think the best way would be through the ngircd.conf file as a list ie
BanNicks = _Serv,SYSTEM,_Bot
That sort of thing, and the impact of this could use the servers own nick kill abilities to force other nicks off a network from linked servers so all the servers can manage their own lists but enforced globally.
ie Server A enforces
BanNicks = *Bot
Server B receives a join command from a client with a nick of "StupidBot"
Server A detects the join and forces a kill as it matches it's own criteria.
The caveat to this is Services would need some way to be exempt from kills, but they do run as opers so there is some merit in checking the user flag to see if they are an oper before killing.
On 2011-07-22 20:10:59 +0200, James Kirwill wrote:
I would prefer [client] sections in the config file. This way we would be able to implement other per-client settings in a sane way.
Example for a ban:
[client] nick=*Serv hops=0 policy=ban
Example for an ircop:
[client] match=any nick=mustapha ident=*mond password=AlphaPlus000 policy=operator
The default value for hops could be 0, so that all client matches would be local if not changed. If given, the nick, ident and host lines must match. A "match=any" could change this behaviour for example.
On 2012-01-02 21:09:11 +0100, Alexander Barton wrote:
Update:
Starting with commit e9e6224a (Implement IRC_xLINE(): handler for "GLINE" and "KLINE" commands) ngIRCd supports both the KLINE (local) and GLINE (global) commands:
To set a ban:
GLINE/KLINE
: To unset a ban:
GLINE/KLINE
"G-Lines" are synchronized between servers starting commit 164e15b8 (Synchronize G-Lines on server login).
But up to now, there is no way to specify G/K-Lines in the configuration file ...
On 2013-02-10 16:01:57 +0100, DNS wrote:
(In reply to comment # 5)
Update:
Starting with commit e9e6224a (Implement IRC_xLINE(): handler for "GLINE" and "KLINE" commands) ngIRCd supports both the KLINE (local) and GLINE (global) commands:
To set a ban:
GLINE/KLINE
: To unset a ban:
GLINE/KLINE
"G-Lines" are synchronized between servers starting commit 164e15b8 (Synchronize G-Lines on server login).
But up to now, there is no way to specify G/K-Lines in the configuration file ...
Bug report:
I tested both commands today, and they seems not to work. With k-line i get no reply from server at all if the correct syntax is used, but in logs i can see that the KLINE is added, just nothing happens... With g-line i get permission denied. Whats needs to be enabled to get g-line to work? AllowRemoteOper on every server?
On 2013-02-10 22:20:01 +0100, Alexander Barton wrote:
(In reply to comment # 6)
I tested both commands today, and they seems not to work. With k-line i get no reply from server at all if the correct syntax is used, but in logs i can see that the KLINE is added, just nothing happens...
So what do you expect to happen? The KLINE command (as well as GLINE) adds the mask to the ban list, which seems to have worked like you saw in your logs.
With g-line i get permission denied. Whats needs to be enabled to get g-line to work? AllowRemoteOper on every server?
You have to be IRC Operator, just the same as with KLINE.
So I can't reproduce your problem?
On 2013-02-10 22:24:09 +0100, Alexander Barton wrote:
(In reply to comment # 7)
With g-line i get permission denied. Whats needs to be enabled to get g-line to work? AllowRemoteOper on every server?
You have to be IRC Operator, just the same as with KLINE.
After rechecking this … you are right, "AllowRemoteOper" must be enabled if the remote server should allow an other server to set GLINES.
On 2013-02-10 22:49:10 +0100, DNS wrote:
(In reply to comment # 7)
(In reply to comment # 6)
I tested both commands today, and they seems not to work. With k-line i get no reply from server at all if the correct syntax is used, but in logs i can see that the KLINE is added, just nothing happens...
So what do you expect to happen? The KLINE command (as well as GLINE) adds the mask to the ban list, which seems to have worked like you saw in your logs.
Well i expect the the mask is banned from server but this didn't happen, even if in logs i see that it adds correctly the time and also deactivates correctly the ban again but still no ban happened.
On 2013-02-24 15:31:46 +0100, Alexander Barton wrote:
(In reply to comment # 9)
Well i expect the the mask is banned from server but this didn't happen, even if in logs i see that it adds correctly the time and also deactivates correctly the ban again but still no ban happened.
I created a separate bug report for this, bug # 156 "{G|K}LINE doesn't actually kill already connected users", and reset this one back to "enhancement" to only track the "Ability to permanently KLine and block nicks from server config" issue again …
Thanks.
Tagging this as "later" and closing the bug for now: obviously nobody is working on this at the moment …