Gnutella Forums


f00bar March 5th, 2006 04:52 AM

phex security rules not working?
 
I've been trying to configure phex to communicate only with a certain list of IP addresses. That is, I'm trying to get phex to only work with a whitelist of IPs.

I tried the following security rules:

DENY network mask 0.0.0.0/255.255.255.255
ALLOW network range x.x.0.0-x.x.255.255

However, after applying these rules, I'm still able to connect to servers outside the allowed IP range, and I'm also able to download from hosts outside of the range.

Could someone please tell me what I'm doing wrong?

Thanks.

f00bar March 6th, 2006 04:47 AM

I've also tried setting the blocked range to 0.0.0.0-255.255.255.255 and my client still connects to anything.

GregorK March 6th, 2006 09:13 AM

I will check this...

it might be that the rules are only checked when collecting IPs... meaning when they first enter Phex from any network source.
...but already collected and cached IPs might not be checked again before a connection attempt is made...

f00bar March 6th, 2006 09:41 AM

Quote:

Originally posted by GregorK
I will check this...

it might be that the rules are only checked when collecting IPs... meaning when they first enter Phex from any network source.
...but already collected and cached IPs might not be checked again before a connection attempt is made...

I just built the latest version from CVS to test this issue. I deleted all the files in my phex configuration directory (~/.phex) and created a new security.xml with a rule as follows:

Code:

        <ip-access-rule>
            <description>Deny all.</description>
            <isDenyingRule>true</isDenyingRule>
            <isDisabled>false</isDisabled>
            <triggerCount>0</triggerCount>
            <expiryDate>9223372036854775807</expiryDate>
            <isDeletedOnExpiry>false</isDeletedOnExpiry>
            <addressType>3</addressType>
            <ip>00000000</ip>
            <compareIP>FFFFFFFF</compareIP>
        </ip-access-rule>

Starting phex results in no connections. However, if I activate Ultrapeer mode, the security rule is bypassed and all connections are allowed.

f00bar March 6th, 2006 09:46 AM

I spoke too soon. Even after clearing the host cache, it appears that some hosts are able to connect.

GregorK March 6th, 2006 01:33 PM

It looks like the hosts creep in through the UDP host cache code. It is fairly new and I have not yet had a chance to review it deeply.

I filed this bug report in case you would like to monitor it.
http://sourceforge.net/tracker/index...21&atid=388892

I will do my best to have it fixed for the next release.

Thanks for this nice observation, testing and reporting.

Gregor
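
The difference between checking rules only when a host is collected and checking them again at connection time, as an added example that is not part of the thread and not Phex's own code. It assumes addressType 3 is an inclusive range from ip to compareIP and that a matching ALLOW overrides a DENY; HostCache and its methods are hypothetical, and the 10.1.x.x range and host addresses are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample modelled on the deny-all rule quoted in the thread.
DENY_ALL_XML = """<ip-access-rule>
  <isDenyingRule>true</isDenyingRule>
  <addressType>3</addressType>
  <ip>00000000</ip>
  <compareIP>FFFFFFFF</compareIP>
</ip-access-rule>"""

def parse_range_rule(xml_text):
    """Decode one rule into (deny, low, high); IPs are 8 hex digits."""
    el = ET.fromstring(xml_text)
    # Assumption: addressType 3 is an inclusive range from <ip> to <compareIP>.
    if el.findtext("addressType") != "3":
        raise ValueError("only range rules are handled here")
    low = int(el.findtext("ip"), 16)
    high = int(el.findtext("compareIP"), 16)
    return el.findtext("isDenyingRule") == "true", low, high

def is_allowed(addr, rules):
    """Assumed whitelist semantics: a matching ALLOW wins, then DENY, else allow."""
    n = int(ipaddress.IPv4Address(addr))
    hits = [deny for deny, low, high in rules if low <= n <= high]
    return (False in hits) or not hits

class HostCache:
    """Hypothetical host cache with a filtered and an unfiltered intake path."""
    def __init__(self, rules):
        self.rules, self.hosts = rules, []
    def add_checked(self, addr):      # intake path that applies the rules
        if is_allowed(addr, self.rules):
            self.hosts.append(addr)
    def add_unchecked(self, addr):    # intake path that skips them
        self.hosts.append(addr)
    def connect_targets(self, check_at_connect):
        # Hosts a connection attempt would actually be made to.
        return [h for h in self.hosts
                if not check_at_connect or is_allowed(h, self.rules)]

def demo(check_at_connect):
    # 10.1.0.0-10.1.255.255 is a constructed stand-in for the poster's x.x range.
    rules = [parse_range_rule(DENY_ALL_XML), (False, 0x0A010000, 0x0A01FFFF)]
    cache = HostCache(rules)
    cache.add_checked("10.1.2.3")        # inside the allowed range
    cache.add_checked("198.51.100.7")    # rejected at intake
    cache.add_unchecked("203.0.113.9")   # enters via the unfiltered path
    return cache.connect_targets(check_at_connect)
```

With the check applied only at intake, the host added through the unfiltered path remains a connection target; repeating the check at the connection step removes it regardless of how it entered the cache.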

