Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re: Advice for moving forward with modules

by zengargoyle (Deacon)
on Feb 28, 2003 at 02:20 UTC ( #239322=note: print w/ replies, xml ) Need Help??


in reply to Advice for moving forward with modules

my favorite way to block people has lot's of watcher daemons sending block requests to a database, and a blocker daemon that updates firewall-filters at the border. no muss, no fuss. (it's a current project, can't 'ya tell? =)

Net::Netmask has everything you need for blocking whole ranges of ip's, but it might not be easy to serialize to/from a file.

if i were you, i would have done something with one of the Cache::Cache modules:

# untested, but close. $blocked = Cache::FileCache->new( cache_root => '/wherever/blocked_hosts', default_expires_in => '30 days', ) or die "no cache!\n"; sub block { # block($ip,$howlong) $blocked->set($_[0], 1, $_[1]); } sub is_blocked { # is_blocked($ip) -> undef or 1 $blocked->get($_[0]); } sub unblock { # unblock($ip) block($_[0], 'now'); # expire 'now', $ip go poof! } block('192.168.254.1'); # 30 days block('192.168.254.12','6 months'); deny_access if is_blocked('192.168.254.1'); unblock('192.168.254.1'); block('192.168.254.13', 'never'); # block forever!

the auto expire can come in quite handy.

or if you can, a decent database, DBI and some SQL will let you easily access the blocked info from anywhere w/o worrying about locking and such, plus you can store the IP and Mask in the database as Integer values and then build a SELECT that will match ranges using SQL's math operators.

$is_blocked = $dbh->prepare(' SELECT 1 FROM blocks WHERE ( ? & mask ) == ( ip & mask ) '); deny_access if ($is_blocked->execute(ip2int('192.168.254.1'))); # blocks # ip integer, # mask integer 1.0.0.0 == 16777216 1.1.0.0 == 16842752 1.1.1.1 == 16843009 255.255.0.0 == 4294901760 16777216 & 4294901760 == 16777216 16842752 & 4294901760 == 16842752 16843009 & 4294901760 == 16842752 so... blocks ip mask 16842752 4294901760 (1.1.0.0 255.255.0.0) will block everything under 1.1.0.0/16

or since TMTOWTDI i'm pretty sure CPAN has something that will tie a hash to a file/db

tie %blocks, 'Tie::Foo', 'the_block_file'; sub block { $blocks{shift} = 1 } sub unblock { delete $blocks{shift} } sub is_blocked { exists $blocks{shift} }


Comment on Re: Advice for moving forward with modules
Select or Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://239322]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (9)
As of 2014-07-30 06:22 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (229 votes), past polls