Date: Mon, 6 Nov 2017 13:53:01 +0100 From: Cos Chan <rosettas@gmail.com> To: FreeBSD <freebsd-questions@freebsd.org> Subject: Re: How to setup IPFW working with blacklistd Message-ID: <CAKV%2BxLCmUdC8oKLXRnk3sa0Fbu91cSxxj=AgPXL5G0CEDUVMsA@mail.gmail.com> In-Reply-To: <BN6PR2001MB1730ECF2B323549698C4566180500@BN6PR2001MB1730.namprd20.prod.outlook.com> References: <CAKV%2BxLBoxGRXHQZa7kcgnFcw9Q9%2Bf2j9G4LF4ZCb8mwgqGLi=g@mail.gmail.com> <BN6PR2001MB1730ECF2B323549698C4566180500@BN6PR2001MB1730.namprd20.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Nov 6, 2017 at 12:35 PM, Carmel NY <carmel_ny@outlook.com> wrote: > On Mon, 6 Nov 2017 09:38:40 +0100, Cos Chan stated: > > >I would run IPFW with blacklistd, my FreeBSD is 11.1-RELEASE-p1. > > > >my blacklistd is working fine to get sshd failed login attempts. > >The out put: > > > >$ sudo blacklistctl dump -b > > address/ma:port id nfail last access > > 1.1.1.1/32:22 3/-1 2017/11/05 01:05:34 > > 2.2.2.2/32:22 3/-1 2017/11/05 13:22:53 > > > >but I can't find information how to use the blacklistd database in IPFW > >from IPFW manpage > > > >would anybody explain that to me? > > I have no personal knowledge of "blacklistd"; however, it seems that there > should be a way of using "blacklistctl dump" in conjunction with "sed" or > perhaps "awk" to create a list that could then be fed to "ipfw". > > If you could send me the output of a "blacklistctl dump -bn", I could take > a > look at it for you. > > Here is the output, thanks in advance. $ blacklistctl dump -bn 122.114.165.60/32:22 3/-1 2017/11/05 01:05:34 190.85.103.147/32:22 3/-1 2017/11/05 13:22:53 201.178.120.26/32:22 3/-1 2017/11/06 11:12:21 202.29.238.153/32:22 3/-1 2017/11/05 06:06:01 182.73.165.170/32:22 3/-1 2017/11/05 14:10:25 221.143.48.178/32:22 5/-1 2017/11/05 16:42:41 79.231.116.229/32:22 3/-1 2017/11/05 01:28:14 82.146.55.148/32:22 5/-1 2017/11/05 07:11:08 190.110.193.66/32:22 6/-1 2017/11/05 11:34:14 123.207.17.180/32:22 3/-1 2017/11/05 12:20:47 123.122.237.13/32:22 3/-1 2017/11/05 14:38:37 59.63.182.63/32:22 3/-1 2017/11/05 22:50:07 106.246.253.242/32:22 6/-1 2017/11/06 05:38:54 181.113.74.63/32:22 3/-1 2017/11/05 23:12:20 202.150.141.226/32:22 6/-1 2017/11/06 05:49:00 202.210.181.191/32:22 6/-1 2017/11/05 05:34:00 106.247.228.75/32:22 3/-1 2017/11/05 17:12:57 117.3.146.38/32:22 0/-1 1970/01/01 01:00:00 124.193.150.157/32:22 3/-1 2017/11/06 09:23:56 134.249.137.72/32:22 0/-1 1970/01/01 01:00:00 This list were generated by sshd automatically. In case to use sed or awk to create list for "ipfw", is that possible also automatically updated? > -- > Carmel > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" > -- with kind regards
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKV%2BxLCmUdC8oKLXRnk3sa0Fbu91cSxxj=AgPXL5G0CEDUVMsA>