IPFilter - IP's Allowed

TiKiSMiKiS · November 24, 2006, 3:40pm

Since many versions, actually 0.70 i have this little problem and decide to post.

IpFilter.dat

xxx.xxx.xx1.000 - xxx.xxx.xx1.255 , 255 , # Servers 10 Mbits

xxx.xxx.xx2.000 - xxx.xxx.xx2.255 , 255 , # Servers 100 Mbits

000.000.000.000 - 255.255.255.255 , 000 , # No intruders when launching

This ipfilter block ALL the ip’s, including the ‘allowed’ ip’s.

If that ip is ‘allowed’, then stop checking ipfilter.dat };o)

Great Work

kluelos · November 24, 2006, 11:13pm

You’ll probably be a lot happier using PeerGuardian 2. It works for all applications, not just those that recognize a filter file; updates itself rather than requiring you to remember to do it; doesn’t need a long time to process and integrate various blocklists; and doesn’t require you to export files all over the disk so the various applications can find them.

TiKiSMiKiS · November 25, 2006, 12:08am

If do not let to all program access to any ip, then i can’t post here.

If i introduce the ipfilter to the peerguardian then no other program work.

Because i only accept traffic from a few peers. The Servers.

Thanks, but this is that the ipfilter ‘allowed’ not work in bitcomet, the ‘prohibited’ yes.

The first two lines are skipped by bitcomet on load. Only load 1 line, the prohibited, and those are ‘all’ the world.

And that is not the way the ipfilter work. 255 are allowed ip’s.

kluelos · November 25, 2006, 8:54pm

It’s very difficult to understand your post, but there are a couple of points that I think I do comprehend.

PeerGuardian should be used instead of, not as a supplement to, ipfilter.dat

It’s been my understanding that a subsequent rule overrides an previous rule if there is a conflict, in ipfilters generally, so if your first and second rules say “allow this, allow that” and your third rule says “allow nothing” then the third rule wins and nothing is allowed. Make your restrictions first, followed by your permissions rules and it should work the way you want. I’ve never encountered any filter that works as you describe, “process the first line or first two lines then stop”.

TiKiSMiKiS · November 28, 2006, 3:29pm

IP rules file: ipfilter.dat loaded, 1 entries.

Independient of the work process, the rules are not loaded.

If they are not loaded, they can not be processed. Well or bad.

Writing the ipfilter.dat as you indicate don’t work.

Only load the Deny lines ‘000’.

I know is a dificult aspect. Good Work. Thanks.

Edited : Searched the firewall in OpenBSD based in ipfilter → http://geodsoft.com/howto/harden/OpenBSD/ipfrules.txt

Note the allowed and the deny order.