Date: Tue, 09 Apr 2019 10:31:11 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 237151] blacklistd(8) doesn't respect IPv6 address pools whitelisting Message-ID: <bug-237151-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237151 Bug ID: 237151 Summary: blacklistd(8) doesn't respect IPv6 address pools whitelisting Product: Base System Version: 11.2-STABLE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: zarychtam@plan-b.pwste.edu.pl Blacklistd(8) is a great tool and can be easily adapted to limit ssh probes= . It supports whitelisting address pools what is quite a handy feature because u= sers from trusted networks are allowed to mistype their passwords without being banned. This feature (whitelisting) doesn't work for IPv6 address pools. The daemon accepts IPv6 whitelisting in /etc/blacklistd.conf, but doesn't respect it. In the example given bellow only first, IPv4 pool is whitelisted, IPv6 pool= is ignored.=20 # adr/mask:port type proto owner name nfail dis= able [remote] x.x.x.0/24:ssh * * * =3D * = * [2001:x:x::/48]:ssh * * * =3D * = * --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-237151-227>