Skip to content
Snippets Groups Projects
Commit 2c9771f2 authored by Rob Swindell's avatar Rob Swindell :speech_balloon:
Browse files

Clean-up the DNSBL checking function a little bit and its call site. 

Always log (a notice-level log message) when there's a DNSBL match, along with
the address it actually resolved to (indicates which list the IP address was
found in).
No log message otherwise.

Note: resolve_ip() doesn't actually support IPv6 yet, so I don't think this
IPv6 address parsing/reformatting logic has actually been tested.
parent 43074410
No related branches found
No related tags found
1 merge request!463MRC mods by Codefenix (2024-10-20)
Show whitespace changes
Inline Side-by-side
Showing
with 8 additions and 16 deletions
exec/load/ircd/core.js
+ 8
16
View file @ 2c9771f2
...@@ -2774,25 +2774,18 @@ function accept_new_socket() { ...@@ -2774,25 +2774,18 @@ function accept_new_socket() {
return false; return false;
} }
// Start of RBL check // Start of DNSBL check
// We don't account for not being able to access to dns server. const dnsbl_result = check_dnsbl(sock.remote_ip_address, 'dnsbl.dronebl.org');
const res=checkip(sock.remote_ip_address) if (dnsbl_result) {
log(LOG_DEBUG,"RES is " +res);
if (res === undefined) {
log(LOG_DEBUG,"!ERROR Socket has an invalid IP address: "+sock.remote_ip_address+" Closing.");
sock.close();
return false;
} else if (res !== 'NXDOMAIN') {
sock.send(format( sock.send(format(
":%s 463 * :This IP is not welcome. Visit http://dronebl.org/lookup?ip="+sock.remote_ip_address+"&network=Synchronet for more information.", ":%s 463 * :Your IP address is not welcome. Visit http://dronebl.org/lookup?ip="+sock.remote_ip_address+"&network=Synchronet for more information.",
ServerName ServerName
)); ));
log(LOG_DEBUG,"Blocking "+sock.remote_ip_address+" Closing."); log(LOG_NOTICE, format("DNS-Blocked IP address %s resolves to %s", sock.remote_ip_address, dnsbl_result));
sock.close(); sock.close();
return false; return false;
} }
// End of RBL check // End of DNSBL check
if (IP_Banned(sock.remote_ip_address)) { if (IP_Banned(sock.remote_ip_address)) {
sock.send(format( sock.send(format(
...@@ -3087,8 +3080,7 @@ function StatsM() { ...@@ -3087,8 +3080,7 @@ function StatsM() {
} }
function checkip(ip) { function check_dnsbl(ip, rbl) {
const rbl='dnsbl.dronebl.org';
m = ip.match(/^(?:::ffff:)?([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/i); m = ip.match(/^(?:::ffff:)?([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/i);
if (m !== null) { if (m !== null) {
// IPv4 Address // IPv4 Address
...@@ -3129,5 +3121,5 @@ function checkip(ip) { ...@@ -3129,5 +3121,5 @@ function checkip(ip) {
}); });
} }
return resolve_ip(qstr) || 'NXDOMAIN'; return resolve_ip(qstr);
} }
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment