my favorite way to block people has lot's of watcher daemons sending block requests to a database, and a blocker daemon that updates firewall-filters at the border. no muss, no fuss. (it's a current project, can't 'ya tell? =)
Net::Netmask has everything you need for blocking whole ranges of ip's, but it might not be easy to serialize to/from a file.
if i were you, i would have done something with one of the Cache::Cache modules:
# untested, but close.
$blocked = Cache::FileCache->new(
cache_root => '/wherever/blocked_hosts',
default_expires_in => '30 days',
) or die "no cache!\n";
sub block { # block($ip,$howlong)
$blocked->set($_[0], 1, $_[1]);
}
sub is_blocked { # is_blocked($ip) -> undef or 1
$blocked->get($_[0]);
}
sub unblock { # unblock($ip)
block($_[0], 'now'); # expire 'now', $ip go poof!
}
block('192.168.254.1'); # 30 days
block('192.168.254.12','6 months');
deny_access if is_blocked('192.168.254.1');
unblock('192.168.254.1');
block('192.168.254.13', 'never'); # block forever!
the auto expire can come in quite handy.
or if you can, a decent database, DBI and some SQL will let you easily access the blocked info from anywhere w/o worrying about locking and such, plus you can store the IP and Mask in the database as Integer values and then build a SELECT that will match ranges using SQL's math operators.
$is_blocked = $dbh->prepare('
SELECT 1 FROM blocks WHERE
( ? & mask ) == ( ip & mask )
');
deny_access if ($is_blocked->execute(ip2int('192.168.254.1')));
# blocks
# ip integer,
# mask integer
1.0.0.0 == 16777216
1.1.0.0 == 16842752
1.1.1.1 == 16843009
255.255.0.0 == 4294901760
16777216 & 4294901760 == 16777216
16842752 & 4294901760 == 16842752
16843009 & 4294901760 == 16842752
so... blocks
ip mask
16842752 4294901760 (1.1.0.0 255.255.0.0)
will block everything under 1.1.0.0/16
or since TMTOWTDI i'm pretty sure CPAN has something that will tie a hash to a file/db
tie %blocks, 'Tie::Foo', 'the_block_file';
sub block { $blocks{shift} = 1 }
sub unblock { delete $blocks{shift} }
sub is_blocked { exists $blocks{shift} }
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
