Date:      Mon, 16 Jan 2023 15:43:03 +0100
From:      Michael Grimm <trashcan@ellael.org>
To:        freebsd-questions@freebsd.org
Subject:   blacklistd
Message-ID:  <1C901D61-CF0D-4C0B-9702-CD9FB6A4FB51@ellael.org>

[FreeBSD 13.1-STABLE stable/13-n253468-16dd69d46577]

Hi,

I recently configured blacklistd in order to get sshd and postfix submission monitored.

It works so far, but I do have some questions/observations to share:

1) IPv6 addresses in /etc/blacklistd.conf

According to the man page BLACKLISTD.CONF(5) I tried to get IPv6 addresses whitelisted in section [remote] like:

	The first field denotes the location as an address, mask, and port.  The
	syntax for the location is:

                   [<address>|<interface>][/<mask>][:<port>]

	The address can be an IPv4 address in numeric format, an IPv6 address in
	numeric format and enclosed by square brackets, or an interface name.


But this doesn't work as stated in the man page:

# adr/mask:port         type    proto   owner   name    nfail   disable
[remote]
[1:2:3:4::8]            *       *       *       *       *       *
——>
Jan 15 15:40:17 <daemon.err> VM blacklistd[61944]: getnum: /etc/blacklistd.conf, 15: Bad number for service []

[remote]
[1:2:3:4::8]/64         *       *       *       *       *       *
——>
Jan 15 15:38:07 <daemon.err> VM blacklistd[61748]: getnum: /etc/blacklistd.conf, 15: Bad number for service []

[remote]
[1:2:3:4::8]/64:        *       *       *       *       *       *
——>
Jan 15 15:39:32 <daemon.err> VM blacklistd[61825]: getnum: /etc/blacklistd.conf, 15: Bad number for service []

[remote]
[1:2:3:4::8]/64:*       *       *       *       *       *       *
——>
ok

IPv4 addresses work as advertised, but bracketed IPv6 addresses need an additional '/:*'.

Two questions:

	1) bug or feature or misunderstanding from my side?
	2) Can a wildcard '*' be used in the meaning of 'any port'?


2) Whitelisting for a defined time period

I do have dynamically assigned IPv4 addresses from my internet provider that change every 24 hrs for the corresponding domains, e.g.: test.tld

# adr/mask:port      type    proto   owner   name    nfail   disable
[remote]
# dynamically assigned IPs:
test.tld:22          *       *       *       *       *       24h

When I do "abuse" my server out of 'test.tld' I get whitelisted, good, but the expected 24h time period for removal of the corresponding IPv4 address doesn't work as expected:

VM> blacklistctl dump -ar
        address/ma:port	id	nfail	remaining time
   1.2.3.4/32:22		2/*	never

Question: Can this be done anyhow?

Thanks in advance and regards,
Michael
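A small checker for [remote] entries, added here as an example (it is not from the post and not part of FreeBSD's blacklistd): it parses the location field as blacklistd.conf(5) documents it and flags the bracketed-IPv6 forms the daemon in the post rejected. The rejection rule is taken only from the post's observation (just the fully explicit '[addr]/64:*' form loaded), not from the blacklistd source; `LOCATION_RE`, `parse_location`, `lint_remote` and `SAMPLE_CONF` are names chosen for this example.

```python
import ipaddress
import re
# Location syntax from blacklistd.conf(5): [<address>|<interface>][/<mask>][:<port>];
# an empty port after ':' is tolerated so the '[addr]/64:' variant from the post parses.
LOCATION_RE = re.compile(
    r'^(?:\[(?P<v6>[0-9A-Fa-f:.]+)\]|(?P<other>[^/:\[\]]+))'
    r'(?:/(?P<mask>\d+))?(?::(?P<port>\*|\d+|[A-Za-z][\w.-]*)?)?$')

def parse_location(loc):
    """Split one location field into kind/address/mask/port."""
    m = LOCATION_RE.match(loc)
    if m is None:
        raise ValueError(f"cannot parse location {loc!r}")
    if m['v6'] is not None:
        addr, kind = ipaddress.IPv6Address(m['v6']), 'ipv6'
    else:
        try:
            addr, kind = ipaddress.IPv4Address(m['other']), 'ipv4'
        except ValueError:  # interface name or hostname; the daemon resolves it
            addr, kind = m['other'], 'name'
    return {'kind': kind, 'address': addr, 'port': m['port'],
            'mask': int(m['mask']) if m['mask'] else None}

def lint_remote(conf_text):
    """Parse the [remote] section of a blacklistd.conf; return (entries, warnings)."""
    entries, warnings, section = [], [], None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()
        if line in ('[local]', '[remote]'):
            section = line[1:-1]
        elif line and section == 'remote':
            fields = line.split()
            if len(fields) != 7:
                warnings.append(f"line {lineno}: expected 7 fields, got {len(fields)}")
                continue
            entry = dict(parse_location(fields[0]), lineno=lineno, disable=fields[6])
            entries.append(entry)
            # Per the post: bare, '/64' and '/64:' forms failed with "Bad number for service []".
            if entry['kind'] == 'ipv6' and (entry['mask'] is None or not entry['port']):
                warnings.append(f"line {lineno}: {fields[0]!r} needs an explicit "
                                "'/mask:port' such as '[addr]/64:*' (see the post)")
    return entries, warnings

# Constructed sample mirroring the variants tried in the post.
SAMPLE_CONF = """[remote]
[1:2:3:4::8]            *       *       *       *       *       *
[1:2:3:4::8]/64         *       *       *       *       *       *
[1:2:3:4::8]/64:        *       *       *       *       *       *
[1:2:3:4::8]/64:*       *       *       *       *       *       *
test.tld:22             *       *       *       *       *       24h
"""
```

Running `lint_remote(SAMPLE_CONF)` warns on the three variants the post's daemon rejected and passes the '/64:*' line and the hostname entry.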