search

warvair / peerblock

Automatically exported from code.google.com/p/peerblock
Other
0 stars 1 forks source link

LAN IPs are blocked when in an allow list that overlaps a block list #389

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Create a block list from 0.0.0.0 to 255.255.255.255
2. Create an allow list for 10.0.0.1 to 10.0.0.2
3. Attempt to reach the host PC over your LAN

What is the expected output? What do you see instead?

Expected: Since the 10.x.x.x is in the allow list it should pass
Instead: All attempts are blocked

What version of PeerBlock are you using? On what operating system? 32- or
64-bit?

Version: 1.1 r518
OS: WinXP Pro 32-bit

Please provide any additional information below.  Make sure to attach
peerblock.log and/or any screenshots that would help explain your problem.

I have 3 computers on a LAN with the IPs in the 10.0.0.0 range. I wanted to use 
PeerBlock to block all traffic except for that range. Unfortunately adding the 
PCs individually or by range did not work, PB still uses the block list before 
the allow list

Original issue reported on code.google.com by mrsm...@att.net on 8 Mar 2011 at 2:12

GoogleCodeExporter commented 8 years ago 
Update:

Using the same block list above but modifying the allow list to this works:

10.0.0.0 to 10.255.255.255

The bug though is that PeerBlock should honor the allow list for individual IPs 
too:

10.0.0.1 to 10.0.0.1 

or

10.0.0.1 to 10.0.0.2

however neither of those types of entries work. It may be the case that certain 
PCs on the network shouldn't connect so individual entries should work.

Original comment by mrsm...@att.net on 8 Mar 2011 at 2:18

GoogleCodeExporter commented 8 years ago 
This might be somewhat reliant. 

There is a Paranoid List, has "0.0.0.1-255.255.255.255", that you can set as 
block, Just enter this URL into PeerBlock " 
http://list.iblocklist.com/?list=paranoid " and set as Block.

Original comment by ineedali...@gmail.com on 9 Mar 2011 at 11:24

GoogleCodeExporter commented 8 years ago 
@ineedali

The problem isn't with the blocking, it's with the allowing.

I should be able to allow a single IP: 10.0.0.1 without having to allow
the entire range: 10.0.0.0 to 10.255.255.255

What if, for example, I wanted this setup:

0.0.0.0 to 255.255.255.255 - block
10.0.0.1 to 10.0.0.2 - allow
10.0.0.3 - block
10.0.0.4 - allow

The problem is with the existing bug, the closest you can come to that 
configuration
is to allow the entire subnet (10.0.0.0 - 10.255.255.255) in order to override
the "total block" list.

This shouldn't be the case. I should be able to selectively allow a specific IP
while blocking the rest.

Original comment by mrsm...@att.net on 12 Mar 2011 at 10:48