Date: Mon, 16 Jan 2023 15:43:03 +0100 From: Michael Grimm <trashcan@ellael.org> To: freebsd-questions@freebsd.org Subject: blacklistd Message-ID: <1C901D61-CF0D-4C0B-9702-CD9FB6A4FB51@ellael.org>
[FreeBSD 13.1-STABLE stable/13-n253468-16dd69d46577]

Hi,

I recently configured blacklistd in order to get sshd and postfix submission monitored. It works so far, but I do have some questions/observations to share:

1) IPv6 addresses in /etc/blacklistd.conf

According to the man page BLACKLISTD.CONF(5) I tried to get IPv6 addresses whitelisted in section [remote] like:

    The first field denotes the location as an address, mask, and port.
    The syntax for the location is:

        [<address>|<interface>][/<mask>][:<port>]

    The address can be an IPv4 address in numeric format, an IPv6 address
    in numeric format and enclosed by square brackets, or an interface name.

But this doesn't work as stated in the man page:

# adr/mask:port type proto owner name nfail disable
[remote]
[1:2:3:4::8] * * * * * *
--> Jan 15 15:40:17 <daemon.err> VM blacklistd[61944]: getnum: /etc/blacklistd.conf, 15: Bad number for service []

[remote]
[1:2:3:4::8]/64 * * * * * *
--> Jan 15 15:38:07 <daemon.err> VM blacklistd[61748]: getnum: /etc/blacklistd.conf, 15: Bad number for service []

[remote]
[1:2:3:4::8]/64: * * * * * *
--> Jan 15 15:39:32 <daemon.err> VM blacklistd[61825]: getnum: /etc/blacklistd.conf, 15: Bad number for service []

[remote]
[1:2:3:4::8]/64:* * * * * * *
--> ok

IPv4 addresses work as advertised, but bracketed IPv6 addresses need an additional '/:*'

Two questions:
1) bug or feature or misunderstanding from my side?
2) Can a wildcard '*' be used in the meaning of 'any port'?

2) Whitelisting for a defined time period

I do have dynamically assigned IPv4 addresses from my internet provider that change every 24 hrs for the corresponding domains, e.g.: test.tld

# adr/mask:port type proto owner name nfail disable
[remote]
# dynamically assigned IPs:
test.tld:22 * * * * * 24h

When I do "abuse" my server out of 'test.tld' I get whitelisted, good, but the expected 24h time period for removal of the corresponding IPv4 address doesn't work as expected:

VM> blacklistctl dump -ar
        address/ma:port id      nfail   remaining time
1.2.3.4/32:22                   2/*     never

Question: Can this be done anyhow?

Thanks in advance and regards,
Michael
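Added example, not part of the message above and not blacklistd's own code: a small Python checker that parses the location field exactly as the grammar quoted from blacklistd.conf(5) describes it ([<address>|<interface>][/<mask>][:<port>]) and lints a constructed sample config, made of the lines from the message plus two deliberately broken ones, before the daemon is restarted. It accepts the plain bracketed form "[1:2:3:4::8]" that the daemon rejected, which is consistent with the message's observation that the documented grammar and the daemon's parser disagree; it does not say which side is right. Assumptions, labelled in the code: '*' in the port position is treated as "any port" (the message asks whether that is so), ports are numeric only, and an unbracketed token that is not a numeric IPv4 address is treated as an interface name.

```python
"""Lint the location field of blacklistd.conf entries (added example).

Parses the grammar quoted from blacklistd.conf(5):
    [<address>|<interface>][/<mask>][:<port>]
Assumptions: '*' as port means any port; ports are numeric; a token that is
neither numeric IPv4 nor bracketed IPv6 is an interface name.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

# Field order taken from the comment line of the config in the message.
FIELD_NAMES = ("location", "type", "proto", "owner", "name", "nfail", "disable")


@dataclass
class Location:
    address: str
    kind: str                     # 'ipv4', 'ipv6' or 'interface'
    mask: Optional[int]
    port: Union[int, str, None]   # int, '*' (wildcard, assumed) or None


_LOC_RE = re.compile(r"""
    ^(?:\[(?P<v6>[0-9A-Fa-f:.]+)\]      # IPv6 in square brackets
      |(?P<other>[^/:\[\]\s]+))          # numeric IPv4 or interface name
    (?:/(?P<mask>\d+))?                 # optional prefix length
    (?::(?P<port>\d+|\*))?$             # optional port, or '*' (assumed)
""", re.VERBOSE)


def parse_location(text: str) -> Location:
    """Parse one location; raise ValueError with a lint message if invalid."""
    m = _LOC_RE.match(text)
    if not m:
        raise ValueError(f"unparseable location {text!r}")
    if m.group("v6") is not None:
        addr = str(ipaddress.IPv6Address(m.group("v6")))  # raises on bad address
        kind, maxmask = "ipv6", 128
    else:
        tok = m.group("other")
        try:
            addr = str(ipaddress.IPv4Address(tok))
            kind, maxmask = "ipv4", 32
        except ipaddress.AddressValueError:
            addr, kind, maxmask = tok, "interface", None  # assumed: interface
    mask = int(m.group("mask")) if m.group("mask") else None
    if mask is not None:
        if maxmask is None:
            raise ValueError(f"mask not allowed on interface {addr!r}")
        if not 0 <= mask <= maxmask:
            raise ValueError(f"mask /{mask} out of range for {kind}")
    port: Union[int, str, None] = m.group("port")
    if port is not None and port != "*":
        port = int(port)
        if not 0 < port <= 65535:
            raise ValueError(f"port {port} out of range")
    return Location(addr, kind, mask, port)


def lint_config(text: str) -> List[Tuple[int, str, object]]:
    """Return (lineno, 'ok'|'error', Location|message) for each entry line.
    Blank lines, comments and the [local]/[remote] section headers are skipped."""
    results: List[Tuple[int, str, object]] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line in ("[local]", "[remote]"):
            continue
        fields = line.split()
        if len(fields) != len(FIELD_NAMES):
            results.append((lineno, "error",
                            f"expected {len(FIELD_NAMES)} fields, got {len(fields)}"))
            continue
        try:
            results.append((lineno, "ok", parse_location(fields[0])))
        except ValueError as exc:
            results.append((lineno, "error", str(exc)))
    return results


# Constructed sample: the three location forms from the message plus two
# deliberately broken lines (mask too large, too few fields).
SAMPLE_CONF = """\
# adr/mask:port type proto owner name nfail disable
[remote]
[1:2:3:4::8]       * * * * * *
[1:2:3:4::8]/64:*  * * * * * *
1.2.3.4/32:22      * * * * * 24h
[1:2:3:4::8]/200   * * * * * *
1.2.3.4:22 * * * *
"""

if __name__ == "__main__":
    for lineno, status, detail in lint_config(SAMPLE_CONF):
        print(f"line {lineno}: {status}: {detail}")
```

Run it against a real /etc/blacklistd.conf by reading the file into lint_config; an "error" row points at the line number the daemon would otherwise report in syslog as "Bad number for service".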