From: Cos Chan
Date: Mon, 6 Nov 2017 13:53:01 +0100
Subject: Re: How to setup IPFW working with blacklistd
To: FreeBSD

On Mon, Nov 6, 2017 at 12:35 PM, Carmel NY wrote:

> On Mon, 6 Nov 2017 09:38:40 +0100, Cos Chan stated:
>
> >I would run IPFW with blacklistd, my FreeBSD is 11.1-RELEASE-p1.
> >
> >my blacklistd is working fine to get sshd failed login attempts.
> >The output:
> >
> >$ sudo blacklistctl dump -b
> > address/ma:port id nfail last access
> > 1.1.1.1/32:22 3/-1 2017/11/05 01:05:34
> > 2.2.2.2/32:22 3/-1 2017/11/05 13:22:53
> >
> >but I can't find information how to use the blacklistd database in IPFW
> >from IPFW manpage
> >
> >would anybody explain that to me?
>
> I have no personal knowledge of "blacklistd"; however, it seems that there
> should be a way of using "blacklistctl dump" in conjunction with "sed" or
> perhaps "awk" to create a list that could then be fed to "ipfw".
>
> If you could send me the output of a "blacklistctl dump -bn", I could take a
> look at it for you.
>

Here is the output, thanks in advance.

$ blacklistctl dump -bn
122.114.165.60/32:22 3/-1 2017/11/05 01:05:34
190.85.103.147/32:22 3/-1 2017/11/05 13:22:53
201.178.120.26/32:22 3/-1 2017/11/06 11:12:21
202.29.238.153/32:22 3/-1 2017/11/05 06:06:01
182.73.165.170/32:22 3/-1 2017/11/05 14:10:25
221.143.48.178/32:22 5/-1 2017/11/05 16:42:41
79.231.116.229/32:22 3/-1 2017/11/05 01:28:14
82.146.55.148/32:22 5/-1 2017/11/05 07:11:08
190.110.193.66/32:22 6/-1 2017/11/05 11:34:14
123.207.17.180/32:22 3/-1 2017/11/05 12:20:47
123.122.237.13/32:22 3/-1 2017/11/05 14:38:37
59.63.182.63/32:22 3/-1 2017/11/05 22:50:07
106.246.253.242/32:22 6/-1 2017/11/06 05:38:54
181.113.74.63/32:22 3/-1 2017/11/05 23:12:20
202.150.141.226/32:22 6/-1 2017/11/06 05:49:00
202.210.181.191/32:22 6/-1 2017/11/05 05:34:00
106.247.228.75/32:22 3/-1 2017/11/05 17:12:57
117.3.146.38/32:22 0/-1 1970/01/01 01:00:00
124.193.150.157/32:22 3/-1 2017/11/06 09:23:56
134.249.137.72/32:22 0/-1 1970/01/01 01:00:00

This list was generated by sshd automatically. If sed or awk is used to create a list for "ipfw", is it possible to have it updated automatically as well?

> --
> Carmel

--
with kind regards
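
The awk approach discussed in this message, as an added example that is not part of the original e-mail or of FreeBSD's own tooling: it turns "blacklistctl dump -bn" lines into ipfw table commands and validates every field before it reaches a command line. The table name, the failure threshold, the rule number and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: convert `blacklistctl dump -bn` lines into ipfw table commands.
# TABLE and MIN_FAILS are assumed names/values, not taken from the thread.
TABLE="${TABLE:-sshd_blacklist}"
MIN_FAILS="${MIN_FAILS:-3}"

# Read dump lines on stdin; print a flush, then one add per accepted entry.
# IPv4 only. A line that is not strictly a.b.c.d/len:port is dropped, so no
# stray text from the dump can reach a generated command line.
dump_to_ipfw() {
    awk -v table="$TABLE" -v min="$MIN_FAILS" '
    BEGIN { printf "ipfw -q table %s flush\n", table }
    {
        if ($1 !~ "^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+/[0-9]+:[0-9]+$") next
        split($1, ap, ":")        # ap[1] = address/len, ap[2] = port
        split(ap[1], am, "/")     # am[1] = address, am[2] = prefix length
        n = split(am[1], oct, ".")
        for (i = 1; i <= n; i++) if (oct[i] + 0 > 255) next
        if (am[2] + 0 > 32) next
        split($2, nf, "/")        # nf[1] = recorded failures
        if (nf[1] + 0 < min + 0) next   # also skips 0/-1 entries dated 1970
        if (seen[ap[1]]++) next   # one add per address
        printf "ipfw -q table %s add %s\n", table, ap[1]
    }'
}

# Constructed sample in the dump layout (documentation addresses only).
sample_dump() {
    cat <<'EOF'
192.0.2.10/32:22 3/-1 2017/11/05 01:05:34
198.51.100.7/32:22 6/-1 2017/11/06 05:38:54
203.0.113.9/32:22 0/-1 1970/01/01 01:00:00
192.0.2.10/32:22 5/-1 2017/11/05 16:42:41
999.1.1.1/32:22 4/-1 2017/11/05 12:00:00
bogus;text/32:22 4/-1 2017/11/05 12:00:00
EOF
}

# One-time setup on the host (rule number 1000 is an assumption):
#   ipfw table sshd_blacklist create type addr
#   ipfw add 1000 deny tcp from 'table(sshd_blacklist)' to me dst-port 22
# Then, from a root cron job: blacklistctl dump -bn | dump_to_ipfw | sh
sample_dump | dump_to_ipfw
```

Because the table is flushed and refilled on every run, there is a short window in each refresh during which the table is empty.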