Skip to content

IP white list #2

Open
Spamme1 opened this Issue Jun 12, 2012 · 4 comments

4 participants

@Spamme1
Spamme1 commented Jun 12, 2012

The title is self explaining. It would be nice if can added a list of IPs, which are never blocked.
Reason: If I mistype the password from my office, with a known IP, I don't want to wait 5 minutes to try again.

@israelt
israelt commented Jun 22, 2012

A whitelist for certain IP will be great!

@EvanAnderson
Owner

I've gotten a lot of requests for this one, so I'm definitely going to put it on the roadmap.

@EvanAnderson EvanAnderson was assigned Jul 13, 2012
@EvanAnderson
Owner

The code for obtaining IP addresses (individual hosts or subnets in CIDR notation) is written.

The ADM file to store the addresses in the registry is written.

The code to parse the addresses into a binary tree representation and query the tree to determine if addresses are whitelisted is written.

I need to integrate the code into ts_block now. That's probably another 4 -6 coding hours. After that we're probably looking at 2 - 3 hours of testing. I'll commit the code here once it's undergone basic testing so that others can test it, too.

I'm not going to do another release milestone until I have this feature and the currently-filed bugs fixed.

@Sh4-X
Sh4-X commented Dec 4, 2012

Hello, I wrote a dirty whitelist system, I don't know VBS but because I have the block duration at 1 hour I was tired of being locked out of my boxes for so long.

Step 1 : add variables for whitelisted IP's below all the other Const at the script beginning (place your ip's in quotes) :

Const IP_WL1 = "put your ip here"
Const IP_WL2 = "put your ip here"
Const IP_WL3 = "x.x.x.x"

Step 2 : Add this code below the text "' Should we block this IP address?", search for it, it should be at line 271

    If IP = IP_WL1 Then
LogEvent 258, EVENTLOG_TYPE_INFORMATION, "Skipped " & IP & " because it is whitelisted"
    ElseIf IP = IP_WL2 Then
LogEvent 258, EVENTLOG_TYPE_INFORMATION, "Skipped " & IP & " because it is whitelisted"
    ElseIf IP = IP_WL3 Then
LogEvent 258, EVENTLOG_TYPE_INFORMATION, "Skipped " & IP & " because it is whitelisted"
    ElseIf dictIPBadLogons.Item(IP) = intBlockAttempts Then
Block(IP)
    End If

If a failed attempt from a whitelisted IP is logged, it will say so in the event viewer, otherwise it should function as normal. You can increase or decrease the amount of whitelisted IP by following this scheme, it is not very elegant and it should add a bit of CPU usage in case of bruteforce attack but because evan promised to it 3 months ago and not followed through, I thought I would fix it myself since I was tired of waiting (and being locked out for 1 hours, my boss didn't like to hear I couldn't work because I mistyped something)

Hope it works for you, let me know if you have problems, I will not commit the changes because the code is very rudimentary.

Cheers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.