support protecting specific CIDRs from wide k-lines

Question

support protecting specific CIDRs from wide k-lines

jesopo opened this issue 3 years ago · 5 comments

some IPv6 /64s have a lot of users in them. might be nice to have a way to say "only allow minimum <prefixlen> k-lines in this CIDR"

Answer 1 · 2021-11-18T16:39:48.000Z

Registering my full support for something like this, when a matrix bridge gets a kline across the whole range, it basically evicts all the matrix users from all the rooms which is not fun.

Answer 2 · 2021-11-18T16:42:03.000Z

alternative solution could be to never accept a k-line that will kill more than n number of users, but you can't accurately calculate how many users a given k-line will kill without asking all remote servers

Answer 3 · 2021-11-18T16:51:18.000Z

Maybe a kind of protect_list of IP range to protect from K-lines can also be a good solution, because for example a lot of ISP provide /64 IPv6 range to each user, so disable k-line possibilities for a /64 can disable the possibility to ban a single user?

Answer 4 · 2021-11-21T11:44:18.000Z

we'd also want this to somehow cover wildcards

Answer 5 · 2022-01-06T10:36:07.000Z

a better way to do this would be marking an iline as immune to wildcard/cidr k-lines