Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Re: Advice for moving forward with modules

by zengargoyle (Deacon)
on Feb 28, 2003 at 02:20 UTC ( #239322=note: print w/ replies, xml ) Need Help??


in reply to Advice for moving forward with modules

my favorite way to block people has lot's of watcher daemons sending block requests to a database, and a blocker daemon that updates firewall-filters at the border. no muss, no fuss. (it's a current project, can't 'ya tell? =)

Net::Netmask has everything you need for blocking whole ranges of ip's, but it might not be easy to serialize to/from a file.

if i were you, i would have done something with one of the Cache::Cache modules:

# untested, but close. $blocked = Cache::FileCache->new( cache_root => '/wherever/blocked_hosts', default_expires_in => '30 days', ) or die "no cache!\n"; sub block { # block($ip,$howlong) $blocked->set($_[0], 1, $_[1]); } sub is_blocked { # is_blocked($ip) -> undef or 1 $blocked->get($_[0]); } sub unblock { # unblock($ip) block($_[0], 'now'); # expire 'now', $ip go poof! } block('192.168.254.1'); # 30 days block('192.168.254.12','6 months'); deny_access if is_blocked('192.168.254.1'); unblock('192.168.254.1'); block('192.168.254.13', 'never'); # block forever!

the auto expire can come in quite handy.

or if you can, a decent database, DBI and some SQL will let you easily access the blocked info from anywhere w/o worrying about locking and such, plus you can store the IP and Mask in the database as Integer values and then build a SELECT that will match ranges using SQL's math operators.

$is_blocked = $dbh->prepare(' SELECT 1 FROM blocks WHERE ( ? & mask ) == ( ip & mask ) '); deny_access if ($is_blocked->execute(ip2int('192.168.254.1'))); # blocks # ip integer, # mask integer 1.0.0.0 == 16777216 1.1.0.0 == 16842752 1.1.1.1 == 16843009 255.255.0.0 == 4294901760 16777216 & 4294901760 == 16777216 16842752 & 4294901760 == 16842752 16843009 & 4294901760 == 16842752 so... blocks ip mask 16842752 4294901760 (1.1.0.0 255.255.0.0) will block everything under 1.1.0.0/16

or since TMTOWTDI i'm pretty sure CPAN has something that will tie a hash to a file/db

tie %blocks, 'Tie::Foo', 'the_block_file'; sub block { $blocks{shift} = 1 } sub unblock { delete $blocks{shift} } sub is_blocked { exists $blocks{shift} }


Comment on Re: Advice for moving forward with modules
Select or Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://239322]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (3)
As of 2015-08-01 02:08 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (285 votes), past polls