====== IP Address Filter ======
The ''ip.can'' file is an optional configuration file located in the Synchronet ''[[dir:text]]'' directory.

This file contains IP addresses for which Synchronet [[:server:|servers]] and dynamic [[:service:|services]] will not allow incoming connections. Note: static services may or may not filter connections based on this file depending on the design of the static service.

The file can be created or edited using most any common text editor. The contents of the file conform to the Synchronet [[config:filter files]] syntax to support wildcards (e.g. blocks of IP addresses) and comments.

Synchronet servers and services can write to this file (automatically adding IP addresses to be blocked) under the following conditions:

  - The ''LoginAttemptFilterThreshold'' key value in one of the sections of the ''[[config:sbbs.ini]]'' file is non-zero and the relevant server has detected consecutive failed login attempts from the same IP address exceeding the specified threshold, the IP address will be automatically added to the file (with a detailed comment)
  - The JavaScript ''system.filter_ip()'' method is used in a Synchronet service or module to block a specific IP address

Note: there is currently no mechanism to automatically //remove// blocked IP addresses from the file (e.g. after a certain period of time).

Rejected connections will be logged. Example:

  Nov 20 13:05:23 cvs sbbs: ftp  0013 !CLIENT BLOCKED in ip.can: 173.20.208.154

To block IP addresses without logging (i.e. silently reject), use the ''[[dir:text]]/[[config:ip-silent.can]]'' filter file instead.

===== See Also =====
  * [[:config:Filter Files]]
  * [[:config:|Configuration]]


{{tag>configuration security abuse can}}