Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Page 2 of 2 FirstFirst 12
Results 16 to 25 of 25
  1. #16
    Join Date
    December 2009
    Location
    Germany
    Posts
    2,360
    Quote Originally Posted by an3kk View Post
    Your comparison, written in a childish style is about securing the whole dedicated server (house) but not the TS server (a room).
    But the room is also secured, if the bad guy cannot enter the house .

    But never mind, if possible, I support the idea that it would be good if there is a TS3 way of just whitelist some IPs and blacklist all other.

  2. #17
    Join Date
    March 2009
    Location
    Germany
    Posts
    74
    Quote Originally Posted by Stefan1200 View Post
    But the room is also secured, if the bad guy cannot enter the house .
    Thats true, but thats not the topic; it is "Whitelist before Blacklist" and exactly this is the problem, regardless if and how the server (house) is secured

    Whitelist before Blackist is very stupid. Whitelist is only useful if you have something blocked but since Whitelist comes first, there is nothing blocked, thus no need to whitelist.

    Lets assume i have nothing white- or blacklisted. Now i add 10.0.0.* to the whitelist - it doesn't change anything because 10.0.0.* is already "whitelisted" - if its not blacklisted its whitelisted (except Anti-Flood stuff, but this is a different topic). If you want to backlist 10.0.0.* but allow one computer from this network to allow connections you have to split the blacklist in 10.0.0.1 - 10.0.0.45 and 10.0.0.46 - 10.0.0.254 but then the whitelist is useless again, since you can't make an exception.

    Bad development in this case!

  3. #18
    Join Date
    December 2009
    Location
    Germany
    Posts
    2,360
    Quote Originally Posted by an3kk View Post
    Whitelist before Blackist is very stupid. Whitelist is only useful if you have something blocked but since Whitelist comes first, there is nothing blocked, thus no need to whitelist.
    Currently the job of the whitelist file is to disable the AntiFloodProtection for specified IP addresses.

  4. #19
    Join Date
    March 2009
    Location
    Germany
    Posts
    74
    Quote Originally Posted by Stefan1200 View Post
    Currently the job of the whitelist file is to disable the AntiFloodProtection for specified IP addresses.
    Well, the whole white- and blacklist feature is useless right now. Most of the ppl have dynamic IPs which makes whitelisting an IP useless, thus you just grant "ignore antiflood" permission to their account.

  5. #20
    Join Date
    December 2009
    Location
    Germany
    Posts
    226
    I disagree, I use it to allow a TS Viewer running on another host. And I could imagine the other way around: You might want to completely block the possibilities of queries by a specific server and not wait for flood protection...

  6. #21
    Join Date
    December 2009
    Location
    Germany
    Posts
    2,360
    I think the best way to make everyone happy is to add a new entry to the ts3server.ini file:

    blacklistAll = true
    Only whitelisted IP can connect to server query.

    blacklistAll = false
    Same behavior like now.

  7. #22
    Join Date
    March 2009
    Location
    Germany
    Posts
    74
    Quote Originally Posted by Baraan View Post
    I disagree, I use it to allow a TS Viewer running on another host. And I could imagine the other way around: You might want to completely block the possibilities of queries by a specific server and not wait for flood protection...
    You really misunderstood this thread. We are NOT asking for removing that feature, we're only asking for applying blacklist before whitelist. This change is very easy to accomplish.

    If you want TS viewer you can still use the whitelist OR apply the "ignore antiflood" to the client. If you want to completely block a server, use the blacklist.

    The problem is, that if you block a whole ip range, eg. 123.123.123.* you can't make even a single exception, for example if one server from that ip subnet is allowed to connect. If you want to do so, you have to block 123.123.123.1 to 123.123.123.44 and 123.123.123.46 to 123.123.123.254

    Sure, if you want to exclude one ip only its acceptable but think about more exceptions or larger ip ranges you want to block. Its easier if you could blacklist the whole range and just make the exceptions you want to using the whitelist.

    To explain it very simple: if you whitelist 123.123.123.123 but blacklist 123.123.123.* the whitelisted ip cannot connect. Thats stupid!

  8. #23
    Join Date
    March 2009
    Location
    Germany
    Posts
    74
    Quote Originally Posted by Stefan1200 View Post
    I think the best way to make everyone happy is to add a new entry to the ts3server.ini file:

    blacklistAll = true
    Only whitelisted IP can connect to server query.

    blacklistAll = false
    Same behavior like now.
    Nah, not very useful, because then you would have to whitelist all ips, ip ranges, etc. you want to be able to connect.

    Just place "apply blacklist" before "apply whitelist" and everything is fine.

  9. #24
    Join Date
    December 2009
    Location
    Germany
    Posts
    2,360
    Quote Originally Posted by an3kk View Post
    Nah, not very useful, because then you would have to whitelist all ips, ip ranges, etc. you want to be able to connect.
    Uhm, how many IPs you need to connect to telnet? I need two (Homepage / TS3 Bot).

    (if blacklistAll = true, it should still allow everyone to use the TS3 Client ServerQuery window from every IP, because you need a special permission to use the ServerQuery window)

  10. #25
    Join Date
    March 2009
    Location
    Germany
    Posts
    74
    Quote Originally Posted by Stefan1200 View Post
    Uhm, how many IPs you need to connect to telnet? I need two (Homepage / TS3 Bot).

    (if blacklistAll = true, it should still allow everyone to use the TS3 Client ServerQuery window from every IP, because you need a special permission to use the ServerQuery window)
    We are NOT talking about telnet only. we are talking about blocking general connections.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. DYN DNS on Whitelist
    By Mindwalker in forum Windows
    Replies: 3
    Last Post: May 8th, 2012, 07:18 AM
  2. Replies: 5
    Last Post: January 18th, 2011, 11:34 PM
  3. No whitelist or blacklist in the downloads
    By Laire in forum Server Support
    Replies: 4
    Last Post: March 25th, 2010, 10:55 AM
  4. Whitelist
    By marinesct in forum Server Support
    Replies: 9
    Last Post: January 22nd, 2010, 03:18 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •