From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from tb-mx0.topicbox.com (localhost.local [127.0.0.1]) by tb-mx0.topicbox.com (Postfix) with ESMTP id 8A0414A1814 for <9fans@9fans.net>; Tue, 29 Oct 2019 07:26:54 -0400 (EDT) (envelope-from steve@quintile.net) Received: from tb-mx0.topicbox.com (localhost [127.0.0.1]) by tb-mx0.topicbox.com (Authentication Milter) with ESMTP id 01D7305264C; Tue, 29 Oct 2019 07:26:54 -0400 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1572348414; b=egksc+BXsY5SDfhlv0t47lPyuplgfV1lGDoubjNy+bjgZ4ek1/ pD4PnjZYoRIpAPAh0mAAQLB8ahB/QL20PsDV6iA4KR9nxoRKEoeH9a2Ps5k/5WrX Yt5DwMcenwcSPStttyWYX4NDKgjTqlaU/E+OUcjIGIOeGnzuDVvq+08cBzGwW0xb RnzZxJHRusejkxpFzb0sxuN8rZk+fM2m5LDnbacUU2P0JJqOR7YRDQUKys0ZeRuY ZlyD0ur9dNQzqQBfFG7Mz/eVJRyOaRaYxEa2IpUHkxDzt9NJWNFjp4gUe7wVX96F sOb0q1po285jPEZEfzJixMEg2ySx1X7yBhXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=message-id:from:date:to:subject:in-reply-to :mime-version:content-type:content-transfer-encoding; s=arcseal; t=1572348414; bh=G7M+NT+lO2BHEvY8lk9zbtM6r1qiNBS13lARbTYA7Qg=; b= ZHyv0IxW7szXtyuy5n7WS0Zv2ucXaP6wWJB8Qid3gfU9/bJM6LKcn7JhjjcM1ntI Fk6WQ9Ul1NRcDCwXZXlEOZSzzk5hIee+1qEpg1PQymd/T9hmWPCNds4m/jXBLa0U 7NLZDjJKZmPbDldsBt+z6mpR9USLhljTL08PCmmtpyscrJHsv5SBg7G2nY7hqnIC A4OsduqrlQN5/Ms0RAjZv14/o8KodLteenYQVWEUcU82dA7t/4QUAbMMGYJbcgmo JrycQYvufCb6CY1KSo20HVjaWcydVSc77dt8xLnErXEmdc0rUWZKyYurvL4sDNtP qa2tX/GRcpS5v+ndZZ9hng== ARC-Authentication-Results: i=1; tb-mx0.topicbox.com; arc=none (no signatures found); dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=quintile.net; iprev=pass smtp.remote-ip=81.187.30.51 (a-painless.mh.aa.net.uk); spf=pass smtp.mailfrom=steve@quintile.net smtp.helo=a-painless.mh.aa.net.uk; x-aligned-from=pass (Address match); x-ptr=pass smtp.helo=a-painless.mh.aa.net.uk policy.ptr=a-painless.mh.aa.net.uk; x-return-mx=pass header.domain=quintile.net policy.is_org=yes (MX Record found); x-return-mx=pass smtp.domain=quintile.net policy.is_org=yes (MX Record found); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 Authentication-Results: tb-mx0.topicbox.com; arc=none (no signatures found); dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=quintile.net; iprev=pass smtp.remote-ip=81.187.30.51 (a-painless.mh.aa.net.uk); spf=pass smtp.mailfrom=steve@quintile.net smtp.helo=a-painless.mh.aa.net.uk; x-aligned-from=pass (Address match); x-ptr=pass smtp.helo=a-painless.mh.aa.net.uk policy.ptr=a-painless.mh.aa.net.uk; x-return-mx=pass header.domain=quintile.net policy.is_org=yes (MX Record found); x-return-mx=pass smtp.domain=quintile.net policy.is_org=yes (MX Record found); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedufedruddtuddgvdejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefkhfffvf fujgggtgfgsehtjehjtddttddvnecuhfhrohhmpedfufhtvghvvgcuufhimhhonhdfuceo shhtvghvvgesqhhuihhnthhilhgvrdhnvghtqeenucfkphepkedurddukeejrdeftddrhe dupdekuddrudekjedrudelkedrudefvdenucfrrghrrghmpehinhgvthepkedurddukeej rdeftddrhedupdhhvghloheprgdqphgrihhnlhgvshhsrdhmhhdrrggrrdhnvghtrdhukh dpmhgrihhlfhhrohhmpeeoshhtvghvvgesqhhuihhnthhilhgvrdhnvghtqecuuffkkgfg pedvfeelleenucevlhhushhtvghrufhiiigvpedt X-ME-VSCategory: clean Received-SPF: pass (quintile.net: 81.187.30.51 is authorized to use 'steve@quintile.net' in 'mfrom' identity (mechanism 'ip4:81.187.30.51' matched)) receiver=tb-mx0.topicbox.com; identity=mailfrom; envelope-from="steve@quintile.net"; helo=a-painless.mh.aa.net.uk; client-ip=81.187.30.51 Received: from a-painless.mh.aa.net.uk (a-painless.mh.aa.net.uk [81.187.30.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tb-mx0.topicbox.com (Postfix) with ESMTPS for <9fans@9fans.net>; Tue, 29 Oct 2019 07:26:53 -0400 (EDT) (envelope-from steve@quintile.net) Received: from 132.198.187.81.in-addr.arpa ([81.187.198.132] helo=quintile.net) by a-painless.mh.aa.net.uk with esmtp (Exim 4.92) (envelope-from ) id 1iPPeG-0004I9-LE for 9fans@9fans.net; Tue, 29 Oct 2019 11:26:52 +0000 Message-ID: <093e2b63a02b86b45ad0ac0e4d0522e6@quintile.net> From: "Steve Simon" Date: Tue, 29 Oct 2019 11:26:50 +0000 To: 9fans@9fans.net Subject: Re: [9fans] banishment of nuisance IP addresses In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Topicbox-Policy-Reasoning: allow: sender is a member Topicbox-Message-UUID: 05022554-fa3f-11e9-9bd8-eb1ea3aa579c re: anyone can banish ano IP address You are quite right, not a problem for me, but not a general solution. Ok, chmod og-w /lib/ndb/banished first. I could then write a file server, envoked in cpurc as bootes and thus has rights to update the files in /lib/ndb/banished/*. The file server would have to ensure its /srv/xxx file is not accessable by others. This could be mounted by the network listners before they becomenone() so they retain access. They would also need to ensure they unmount the writable access to the banishment directory before starting their child process (if the incomming connection is successful). ugh. Even _if_ that would work its a real pain. oh well, nice idea, but no bananna. -Steve