This thread is about the sequence of actions in v1.1 of Net/IP Filter when checking an IP with the check() function of the NetIP_Filter class. The network filter setting ("Allow all", "Allow all, deny by the table", etc.) is no longer global and is assigned for every event. There will be a global setting for its default value, and also one for the predefined event "init". Every network and IP address will be able to get more than one event, or get them all. So if you create an entry in the IP filter with your IP address, all events and action "allow", you can be sure you'll never be blocked :}}
In v1.1 there will be no "action" parameter for networks; it will be replaced with "active". The IP is first checked for validity; if it is not valid, check() returns true. Then the data for the event is fetched (the network filter setting is needed: "Allow all", "Allow all, deny by the table", etc.). If the setting is "Allow all", the net filter's result is false (no check in networks is performed). If the setting is "Deny all", the net filter's result is true (no check in networks is performed).
Next comes the check for active networks with the given IP and event in the network filter. If there are matching networks and the network filter setting for the given event is "Allow all, deny by the table", the net filter's result is true. If there are matching networks and the setting is "Deny all, allow by the table", the net filter's result is false. If there are no matching networks and the setting is "Allow all, deny by the table", the net filter's result is false. If there are no matching networks and the setting is "Deny all, allow by the table", the net filter's result is true. A false result means "allowed", and a true result means "denied".
Next, depending on the net filter's result, the IP is checked in the IP filter: if the net result is true, the check is performed with the action parameter "allow", otherwise "deny". This means that if the net filter blocks the user for the given event, the IP filter will try to allow him. And if the user is allowed by the net filter, he will be checked in the IP filter for denial.
I repeat, this is for the future v1.1; in v1.0 the net filter's behaviour is slightly different.
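
The check order described in the post, modelled in Python as an added example; it is not part of the original post and not Net/IP Filter's own code. The data layout, the helper names, the "Allow all" default value and the rule that a matching IP-filter entry flips the net filter's result are assumptions made for illustration.

```python
import ipaddress

ALLOW_ALL, DENY_ALL = "Allow all", "Deny all"
ALLOW_DENY_TABLE = "Allow all, deny by the table"
DENY_ALLOW_TABLE = "Deny all, allow by the table"

# Constructed sample data; events=None stands for "all events".
SETTINGS = {"init": ALLOW_ALL, "login": ALLOW_DENY_TABLE, "admin": DENY_ALLOW_TABLE}
NETWORKS = [
    {"cidr": "203.0.113.0/24", "events": {"login"}, "active": True},
    {"cidr": "198.51.100.0/24", "events": None, "active": False},
]
IP_ENTRIES = [
    {"ip": "203.0.113.7", "events": None, "action": "allow"},
    {"ip": "192.0.2.9", "events": {"login"}, "action": "deny"},
]

def _covers(entry, event):
    return entry["events"] is None or event in entry["events"]

def net_filter(setting, ip, event, networks):
    """True = denied, False = allowed, as in the post."""
    if setting == ALLOW_ALL:
        return False          # networks are not consulted
    if setting == DENY_ALL:
        return True           # networks are not consulted
    matched = any(n["active"] and _covers(n, event)
                  and ip in ipaddress.ip_network(n["cidr"]) for n in networks)
    # "deny by the table": a match denies; "allow by the table": a match allows.
    return matched if setting == ALLOW_DENY_TABLE else not matched

def check(ip_str, event, settings=SETTINGS, networks=NETWORKS,
          ip_entries=IP_ENTRIES, default=ALLOW_ALL):
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return True           # invalid IP: check() returns true
    denied = net_filter(settings.get(event, default), ip, event, networks)
    wanted = "allow" if denied else "deny"   # IP filter looks for the opposite
    hit = any(e["action"] == wanted and _covers(e, event)
              and ipaddress.ip_address(e["ip"]) == ip for e in ip_entries)
    # Assumption: a matching IP-filter entry overrides the net filter's result.
    return (not denied) if hit else denied
```

The sample shows why an all-events "allow" entry keeps an address from being blocked: 203.0.113.7 passes both the "login" and "admin" events even though each event's net filter alone would deny it.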