[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: unexpected behaviour
- To: Mikael Abrahamsson <swmike@xxxxxxxxx>
- Subject: Re: unexpected behaviour
- From: Kurt Roeckx <Q@xxxxxxx>
- Date: Wed, 5 Sep 2001 21:35:00 +0200
- Cc: ircd-users@xxxxxxx
- Delivered-to: ircd-users-out@irc.org
- Delivered-to: ircd-users@irc.org
- In-reply-to: <Pine.LNX.4.33.0109050813020.26011-100000@uplift.swm.pp.se>
- References: <Pine.LNX.4.33.0109050723420.26011-100000@uplift.swm.pp.se> <Pine.LNX.4.33.0109050813020.26011-100000@uplift.swm.pp.se>
On Wed, Sep 05, 2001 at 08:15:55AM +0200, Mikael Abrahamsson wrote:
> On Wed, 5 Sep 2001, Mikael Abrahamsson wrote:
>
> Forget this. I figured out that I was allowing idented non-resolved
> clients (I guess?).
>
> I have now changed it into:
>
> Y:15:300::1000:100000:0.1:0.1
> I:*@130.240.0.0/16::NULL::15
> k:=130.240.0.0/16:identd (rfc1413) and reverse-dns required:*::
>
> > k:=212.209.0.0/17:identd (rfc1413) and reverse-dns required:unknown::
Your original one did only K-line if he didn't resolv AND didn't
run identd, while you want OR.
You did: !A && !B, which is the same as !(A || B), and then put
put the oposite of it in the comment field, and said A && B, but
it's A || B that will allow him.
This new K-line is for everybody that doesn't resolv, and doesn't
say anything about ident.
Note that "*@" in the I-line doesn't mean anything, it doesn't
say that he has to run ident.
The NULL, or any other text in the I-line will prevent them from
showing up with a hostname on IRC. I don't think you want that.
You have to let the field empty for it to resolv. So you have
something like this:
I:130.240.0.0/16::::15
> I find this behaviour not to be what I expected. Yes, the IP has reverse,
> no, the forward probably didn't work when he connected, so his connect is
> showing IP, but still the k:= doesn't match him. Shouldn't the k:= be
> strict matching to reverse AND matching forward, and not only that there
> actually is some kind of reverse? If not, is this something that could be
> implemented, perhaps with some other character if this is the intented
> behaviour with = ?
The documented behaviour for = means that it has to resolv, which
might be a little misleading or just plain wrong. It seems to
K-line anybody that shows up with an IP address, no matter if it
does resolv or not. Just a change in I-line can get you K-lined.
Sometimes the config file doesn't let you allow to do certain
things you want, and we want a new config-file format, and then
hopefully let people specify what they want.
Could you specify more precisly what you want it to do? Maybe we
can do what you want with the current configfile.
Kurt