If you’re getting a parsing error that is preventing ipblock / iplist from starting such as “error: can’t convert 192“, the first thing to do is to check with ip blocking list is causing the issue. In your /etc/ipblock.conf, comment out your lists one at a time until you find the problem list.
#BLOCK_LIST=”badpeers.gz bogon.gz level1.gz”
BLOCK_LIST=”badpeers.gz level1.gz
Since yesterday, I’ve noticed that bogon.gz was causing the problem. Now, let’s look at the only place that produces the “can’t convert ” error message:
src/list.cpp:
{
uint16_t a, b, c, d;
if (sscanf(str.c_str(), "%hu.%hu.%hu.%hu", &a, &b, &c, &d) != 4 ||
a > 255 || b > 255 || c > 255 || d > 255)
throw std::runtime_error("can’t convert " + str);
return a < < 24 | b << 16 | c << 8 | d;
}
Notice that the sscanf() will read in a *full* ip address and convert it to hex. If any part of the ip address is invalid (like a letter) or missing (see the bogon snippet below), iplist will spit out the error message and die.
The last two lines of bogon.gz (/var/cache/iplist/bogon.gz) shows us an incomplete ip address:
Bogon:192.231.155.0-192.231.155.255
Bogon:192.231.188.0-192
Whether or not to forgo the bogon.gz is up to you but personally I would like an option in iplist to print a warning and skip over that bad ip entry.
