<div dir="ltr"><div>Thanks.</div><div><br></div><div>Maybe something like this might do it:</div><div></div><div><ul><li><a href="https://mediarealm.com.au/articles/icecast-stream-geoblocking/">https://mediarealm.com.au/articles/icecast-stream-geoblocking/</a></li></ul></div><div></div><div>I should have searched more before asking the question(s) :o)</div><div><br></div><div>Cheers</div><div><br></div><div>Chip Scooter<br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 26 Mar 2020 at 13:00, Marius Flage <<a href="mailto:marius@flage.org">marius@flage.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    <p>Ah,</p>
    <p>I must have overlooked that requirement in my first reply. I
      don't think you can do it natively in Icecast, and doing this in
      the kernel will be too low level and too wide a block, so I guess
      a web application firewall or a reverse proxy is the way to go.
      Maybe setting up HAproxy or similar could solve this?</p>
    <p>--<br>
      Marius<br>
    </p>
    On 26.03.2020 13:49, Chip wrote:<br>
    <blockquote type="cite">
      
      <div dir="ltr">
        <div>Thanks.</div>
        <div><br>
        </div>
        <div>Indeed - but is it it possible to block IP addresses on a
          per mountpoint level? For example, my user with
          /mountpointA.ogg does not mind being hammered by connections
          from 93.184.216.34 [<a href="http://example.com" target="_blank">example.com</a>] but
          my user with /mountpointB.ogg wants to block that IP address.</div>
        <div>
          <div><br>
          </div>
          <div>Using iptables I've blocked connections, at a server
            level, from <a href="http://example.com" target="_blank">example.com</a> for my User B but
            my User A doesn't mind their connection being probed once
            per minute 24/7/365 by a badly-configured player from that
            IP address.</div>
          <div><br>
          </div>
          <div>Thank you</div>
          <div><br>
          </div>
          <div>Chip Scooter<br>
          </div>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Thu, 26 Mar 2020 at 11:30,
          Marius Flage <<a href="mailto:marius@flage.org" target="_blank">marius@flage.org</a>> wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div>
            <p>I believe the easiest is just to do this using iptables
              ('iptables -A INPUT -s 93.184.216.34 -j DROP'). There's
              also an geoip module available for iptables.<br>
            </p>
            <p>--<br>
              Marius<br>
            </p>
            <div>On 26.03.2020 12:16, Chip wrote:<br>
            </div>
            <blockquote type="cite">
              <div dir="ltr">
                <div>Hi</div>
                <div><br>
                </div>
                <div>Several questions below:<br>
                </div>
                <div><br>
                </div>
                <div>a) is it possible to block IP addresses on a per
                  mountpoint level e.g. my user with /mountpointA.ogg
                  does not mind being hammered by connections from
                  93.184.216.34 [<a href="http://example.com" target="_blank">example.com</a>]
                  but my user with /mountpointB.ogg wants to block that
                  IP address.</div>
                <div><br>
                </div>
                <div>b) is it possible to geoblock ranges of IP
                  addresses and whole countries on a per mountpoint
                  basis?</div>
                <div><br>
                </div>
                <div>c) what options do people use for geoblocking? I'm
                  on a VPS so ipset is currently not an option.</div>
                <div><br>
                </div>
                <div>Many thanks in advance</div>
                <div><br>
                </div>
                <div>Chip Scooter<br>
                </div>
              </div>
              <br>
              <fieldset></fieldset>
              <pre>_______________________________________________
Icecast mailing list
<a href="mailto:Icecast@xiph.org" target="_blank">Icecast@xiph.org</a>
<a href="http://lists.xiph.org/mailman/listinfo/icecast" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a>
</pre>
            </blockquote>
          </div>
          _______________________________________________<br>
          Icecast mailing list<br>
          <a href="mailto:Icecast@xiph.org" target="_blank">Icecast@xiph.org</a><br>
          <a href="http://lists.xiph.org/mailman/listinfo/icecast" rel="noreferrer" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a><br>
        </blockquote>
      </div>
      <br>
      <fieldset></fieldset>
      <pre>_______________________________________________
Icecast mailing list
<a href="mailto:Icecast@xiph.org" target="_blank">Icecast@xiph.org</a>
<a href="http://lists.xiph.org/mailman/listinfo/icecast" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a>
</pre>
    </blockquote>
  </div>

_______________________________________________<br>
Icecast mailing list<br>
<a href="mailto:Icecast@xiph.org" target="_blank">Icecast@xiph.org</a><br>
<a href="http://lists.xiph.org/mailman/listinfo/icecast" rel="noreferrer" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a><br>
</blockquote></div>