<dnsbl name="dnsblname" type="bitmask" domain="dns.domain.org" action="KILL" reason="youre banned!" duration="1d" bitmask="5">
OR:
<dnsbl name="dnsblname" type="record" domain="dns.domain.org" action="KILL" reason="youre banned!" duration="1d" records="1,2,6,19,24-38">
Where the attributes are as follows:
- name: A readable name for the blacklist, e.g. Blitzed OPM
- type: The type of blacklist, either bitmask or record.
- domain: The DNS domain the blacklist uses, e.g. opm.blitzed.org
- action: One of KILL, ZLINE, KLINE, GLINE (case sensitive!)
- reason: Any text you want to use as the ban reason or tag (%ip% will be replaced by the user's IP)
- duration: How long you want to enforce the ban (has no effect on KILL; defaults to 24 hours)
- bitmask: For bitmask type blacklists, this is an AND mask that the result from the RBL is masked against, e.g. if you only want results 1 and 4, enter 5 (= 1 | 4) here. Must be greater than 0 (use 255 to match all Class C blacklist results)
- records: For record type blacklists (1.2 only), this is a list of A record replies which cause a match for this blacklist. This value can contain lists or ranges of integer values, e.g. "1,2,3,5-9" to match all values within the range 1,2,3,5,6,7,8,9.
NOTE: A blacklist may only make use of one of either records or bitmask at any one time, depending on the value of type.
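The difference between the two match types, as an added Python sketch (not the module's own code). It assumes the DNSBL result is the last octet of the returned A record and that the lookup name is the client's IPv4 octets reversed in front of the domain, as is conventional for DNSBLs; the function names and sample replies are constructed for illustration.

```python
import ipaddress

# Constructed entries mirroring the two <dnsbl> forms shown above.
BITMASK_ENTRY = {"type": "bitmask", "domain": "dns.domain.org", "bitmask": "5"}
RECORD_ENTRY = {"type": "record", "domain": "dns.domain.org",
                "records": "1,2,6,19,24-38"}

def parse_records(spec):
    """Expand a records list such as "1,2,3,5-9" into a set of integers."""
    values = set()
    for part in spec.split(","):
        lo, sep, hi = part.strip().partition("-")
        lo, hi = int(lo), (int(hi) if sep else int(lo))
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad record range: {part!r}")
        values.update(range(lo, hi + 1))
    return values

def query_name(client_ip, domain):
    """Name looked up in the DNSBL: reversed IPv4 octets, then the domain."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + domain

def is_listed(entry, reply):
    """Decide whether an A record reply such as "127.0.0.4" is a match."""
    result = int(ipaddress.IPv4Address(reply)) & 0xFF  # last octet (assumed)
    if entry["type"] == "bitmask":
        mask = int(entry["bitmask"])
        if mask <= 0:
            raise ValueError("bitmask must be greater than 0")
        return (result & mask) != 0      # any bit shared with the mask
    if entry["type"] == "record":
        return result in parse_records(entry["records"])  # exact value only
    raise ValueError(f"unknown type: {entry['type']!r}")

if __name__ == "__main__":
    print(query_name("192.0.2.10", BITMASK_ENTRY["domain"]))
    for reply in ("127.0.0.2", "127.0.0.4", "127.0.0.6", "127.0.0.30"):
        print(reply, "bitmask:", is_listed(BITMASK_ENTRY, reply),
              "record:", is_listed(RECORD_ENTRY, reply))
```

A reply of 127.0.0.6 matches bitmask="5" because bit 4 is set, even though 6 is not one of the "wanted" values; use type="record" when only exact reply values should trigger the action.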
- Examples for popular DNSBLs
<dnsbl name="Tor sectoor.de"
domain="tor.dnsbl.sectoor.de"
action="GLINE"
reason="Tor exit server detected. Please visit http://www.sectoor.de/tor.php?ip=%ip% for more information."
duration="1h"
bitmask="1">