dnsbl upkeep

2021-08-17 05:18:56 +05:30 · 2021-08-17 05:18:56 +05:30 · 9e7d5b6044
commit 9e7d5b6044
parent 87d1e58488
1 changed files with 46 additions and 0 deletions
--- a/ergo-dnsbl/config.yaml
+++ b/ergo-dnsbl/config.yaml
@ -0,0 +1,46 @@
+# an IP may match two different lists. if they give different results,
+# which should take precedence?
+precedence: [block, require-sasl]
+
+# the dnsbls to check for every client entering the network
+# these are just examples to show the possibilities for the config
+lists:
+    -
+        # host - specific hostname to use
+        host: "dnsbl.dronebl.org"
+
+        # action to take if the client matches this dnsbl:
+        # - allow - let the client access the network
+        # - block - block the client from accessing the network, with the given message
+        # - require-sasl - require the client to login with SASL, kill them if they don't
+        action: require-sasl
+
+        # reason that's shown if they're unable to access the network because of this rbl.
+        # we support the following variables:
+        # - "{ip}" - their IP address
+        reason: "Your IP {ip} is listed in DroneBL. For assistance, see http://dronebl.org/lookup?ip={ip}"
+
+        # specific replies to take action on. these are based on the last octet of the return IP.
+        # for example, "24" or "13,54,24" would both match a result of "127.0.0.24" from the rbl.
+        replies:
+            -
+                # these are proxies: https://dronebl.org/classes
+                codes: [8, 9, 10, 11]
+                action: require-sasl
+                reason: "You need to enable SASL to access this network. For assistance, see http://dronebl.org/lookup?ip={ip}"
+            -
+                # this is the "testing class":
+                codes: [1]
+                action: allow
+
+    -
+        host: "rbl.efnetrbl.org"
+        # restrict to IPv4 only (use 6 for IPv6)
+        addresses: 4
+        action: block
+        reason: "Your IP {ip} is listed in the EFnet RBL. For assistance, see http://efnetrbl.org/?i={ip}"
+
+    -
+        host: "torexit.dan.me.uk"
+        action: require-sasl
+        reason: "You need to enable SASL to access this network while using Tor"