From: Warren Block <wblock@wonkity.com>
To: Kurt Lidl
Cc: freebsd-hackers@freebsd.org
Date: Wed, 13 Apr 2016 20:47:07 -0600 (MDT)
Subject: Re: Importing NetBSD's blacklist project into FreeBSD
In-Reply-To: <570EF8DF.3020408@FreeBSD.org>

On Wed, 13 Apr 2016, Kurt Lidl wrote:

> Greetings all -
>
> This is just a quick note to alert the FreeBSD development community
> that I've posted a review for the import of the NetBSD "blacklist"
> project into FreeBSD.
>
> The reviews for the basic import and hookup of the blacklist system
> into the build process are here:
>
> https://reviews.freebsd.org/D5912
> https://reviews.freebsd.org/D5913
>
> The rationale behind the system is given in the first referenced
> review, which is Christos Zoulas' presentation at vBSDcon 2015.

The first review has a link to the video: https://youtu.be/fuuf8G28mjs

> I think the system is a very reasonable framework to allow for
> real-time notification of attacks, feeding to a single daemon
> process, which maintains a persistent on-disk database. The daemon
> can then invoke a helper script to effect packet filtering changes
> as needed. It's driven from a text configuration file, and it is
> pretty easy to add support to more programs in the future.
>
> Thanks for your interest, and I look forward to any discussion
> about the merits of the system and the patches to implement it
> in FreeBSD.

After seeing that review yesterday and thinking it sounded interesting, I watched the video. After looking at today's maillog, I have gone from just being interested to really wanting it. And a patch for sendmail to use it.

Thank you for working on this!