# but if they can connect again to B, there are three. You get the #
# idea (i hope). #
# #
+# NOTE NOTE NOTE NOTE NOTE NOTE! #
+# The maximum limits by default apply to individual IP addresses #
+# This *MAY* be changed by modifying the <cidr> block, in order #
+# to detect cloning across an ISP. #
+# #
# The optional port value determines which port the connect tag is #
# handling. If left out the connect tag covers all bound ports else #
# only incoming connections on the specified port will match. Port #
<connect deny="69.254.*">
<connect deny="3ffe::0/32">
+#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
+# #
+# CIDR configuration allows detection of clones and applying of #
+# throttle limits across a CIDR range. (A CIDR range is a group of #
+# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be #
+# represented as 192.168.1.0/24). This means that abuse across an ISP #
+# is detected and curtailed much easier. #
+# #
+# ipv4clone: #
+# This specifies how many bits of an IP address should be checked #
+# against cloning in the <connect> tags, for example, if <connect> #
+# tags specified a limit of 2 (low!), and three users attempted to #
+# connect in the IP range 192.168.1.0-192.168.1.255, and ipv4clone #
+# was set to '24', the third connection would be disconnected. #
+# #
+# Valid values are 0-32, but you *don't* want 0. #
+# #
+# ipv6clone works in the same way, except for ipv6 addresses. Valid #
+# range is 0-128, but you *don't* want anything too small. #
+# #
+# Setting these to their maximum value (32, 128) will result in #
+# no actual CIDR checking being done, and clone checking will only be #
+# done across individual IPs. This is the default behaviour. #
+
+<cidr
+ ipv4clone="32"
+ ipv6clone="128">
#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# #
bool CheckOnce(const char* tag, ConfigDataHash &newconf);
public:
-
/** Process an include executable directive
*/
bool DoPipe(ConfigDataHash &target, const std::string &file, std::ostringstream &errorstream);
ServerLimits Limits;
+ /** Clones CIDR range for ipv4 (0-32)
+ * Defaults to 32 (checks clones on all IPs seperately)
+ */
+ int c_ipv4_range;
+
+ /** Clones CIDR range for ipv6 (0-128)
+ * Defaults to 128 (checks on all IPs seperately)
+ */
+ int c_ipv6_range;
+
/** Max number of WhoWas entries per user.
*/
int WhoWasGroupSize;
debugging = 0;
MaxChans = 20;
OperMaxChans = 30;
+ c_ipv4_range = 32;
+ c_ipv6_range = 128;
maxbans.clear();
DNSServerValidator = &ValidateDnsServer;
}
{"die", "value", "", new ValueContainerChar (this->DieValue), DT_CHARPTR, NoValidation},
{"channels", "users", "20", new ValueContainerUInt (&this->MaxChans), DT_INTEGER, NoValidation},
{"channels", "opers", "60", new ValueContainerUInt (&this->OperMaxChans), DT_INTEGER, NoValidation},
+ {"cidr", "ipv4clone", "32", new ValueContainerInt (&this->c_ipv4_range), DT_INTEGER, NoValidation},
+ {"cidr", "ipv6clone", "128", new ValueContainerInt (&this->c_ipv6_range), DT_INTEGER, NoValidation},
{"limits", "maxnick", "32", new ValueContainerST (&this->Limits.NickMax), DT_INTEGER, NoValidation},
{"limits", "maxchan", "64", new ValueContainerST (&this->Limits.ChanMax), DT_INTEGER, NoValidation},
{"limits", "maxmodes", "20", new ValueContainerST (&this->Limits.MaxModes), DT_INTEGER, NoValidation},
projects / user / henk / code / inspircd.git / commitdiff