Thursday, December 02, 2004

Access Control List in BTQueue

Since 0.0.15, BTQueue lets us limit incoming and outgoing connections in real time, with a user interface that is powerful, at least for me. The idea is based on the access control lists found in routers, firewalls, and programs such as Apache. There are only 2 access control lists in BTQueue: allow and deny. Each access control list is a comma-separated list of individual IPs, IP ranges by prefix, IP ranges by netmask, country codes, or network names. See the sample below.

TH,200.2.1.3,202.17.20.0/24,202.17.19.0/255.255.255.0,INET-TH


There are 2 special keywords, ALL and NONE, which represent all IPs and no IPs, respectively.

To limit access from someone, choose the order of allow and deny according to your requirements. One may want to allow some IPs and deny the others, or deny some IPs and allow the others.

To specify the ACL in BTQueue, you need to modify 3 options: order_acl, allow_acl, and deny_acl. By default, these options are defined as below.

order_acl = allow,deny
allow_acl = ALL
deny_acl = NONE


If you want to ban all connections from Singapore, these options should be set as below.

order_acl = deny,allow
allow_acl = ALL
deny_acl = SG


In order to allow local connections only in Singapore, the options should be set as below.

order_acl = allow,deny
allow_acl = SG
deny_acl = ALL


For information about country codes and network names, consult the spew command or the ip command.
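
The following evaluator is an added example, not BTQueue's own code. It assumes that the lists are checked in the order given by order_acl and that the first list containing a match decides, which is consistent with the three configurations above; the `default` result when nothing matches and the `SAMPLE_GEO` lookup table are also assumptions.

```python
import ipaddress

# Constructed lookup data standing in for a real country/network database.
SAMPLE_GEO = {
    "203.0.113.7": ("SG", "EXAMPLE-SG"),
    "198.51.100.4": ("US", "EXAMPLE-US"),
}

def entry_matches(entry, ip, geo=SAMPLE_GEO):
    """Return True if a single ACL entry covers the IP (given as a string)."""
    entry = entry.strip()
    if entry == "ALL":
        return True
    if entry == "NONE":
        return False
    try:
        # Covers a single IP, a prefix (a.b.c.d/24) and a netmask
        # (a.b.c.d/255.255.255.0); all three parse as a network.
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        # Not an address: treat the entry as a country code or network name.
        return entry in geo.get(ip, ())
    return ipaddress.ip_address(ip) in net

def list_matches(acl, ip):
    """Return True if any entry of a comma-separated ACL matches the IP."""
    return any(entry_matches(e, ip) for e in acl.split(","))

def is_allowed(ip, order_acl, allow_acl, deny_acl, default=True):
    """Assumed semantics: walk the lists in order_acl order, first match decides."""
    lists = {"allow": (allow_acl, True), "deny": (deny_acl, False)}
    for name in order_acl.split(","):
        acl, verdict = lists[name.strip()]
        if list_matches(acl, ip):
            return verdict
    return default  # assumption: the page does not define the no-match case

if __name__ == "__main__":
    # "Ban Singapore" configuration from the text, applied to the sample IPs.
    for ip in SAMPLE_GEO:
        print(ip, is_allowed(ip, "deny,allow", "ALL", "SG"))
```
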
