From owner-freebsd-questions@freebsd.org Mon Dec 5 00:53:24 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D178DC673D5 for ; Mon, 5 Dec 2016 00:53:24 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-pf0-x243.google.com (mail-pf0-x243.google.com [IPv6:2607:f8b0:400e:c00::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A2602EAC for ; Mon, 5 Dec 2016 00:53:24 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-pf0-x243.google.com with SMTP id 144so16102388pfv.0 for ; Sun, 04 Dec 2016 16:53:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=8vR4J0oym9exfmehHHLMxJrbh9DAM/4buw00i/fxtWQ=; b=F+JIY7Z/v9owvzBxp4eV8UPwIZ3OxuOcxEjX/ARPsrmQitYtCo/I+eacpcieINWiRK quYilX3qP4CdMIRQlrtsUz4eHZIHQQktSkd5hsP30V/9TVoRzd6YZQ74VSuqqB0Z8Q/n aUn2xWD8HxWeCsaBz8seYuU6kVwZlWUdayhd2vxaRZdvA6APoDB3aEnjwow4hO5EZPSS cApELHzyp4RTZQPs9BRR6oO3IqLx1d2SCJLd0LOyN2Y1X3dSuc24Yl/8BnfrMicAoplc Cr8baSIsFHBfSg/2dh7Mlyr1cImZl7scgOtoAUa0WbfGI4at5iIlhY2DfjhrCEFmeqG9 JNhQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=8vR4J0oym9exfmehHHLMxJrbh9DAM/4buw00i/fxtWQ=; b=kyqxJRy6GNt38ZDUP4S5WY7sjuezwbqxiyhwce/IsDFg9ASe61VH9LFU+LeruUANRM SC2AadnGmyXIo6WIwUf3b8J7h0Qmjb/ProoiXMhDQw4ImrYGOI5ny9DXcFIQqozo2kNW nQwkd91qr9Z9pHwR3GkxIFiiOIO1GfIVbnTfgfeKzemPhlBLD+tHXDeCi6CGbdx21DaF 05Gf7LNkexLQWLHT8cXsaf9sXWPQ/EbI7fSYBlpXeH/4uhoVWimuHKuy8OOgaeLeA51I 7WFnH6b2m1TpEmanBw6oW8Rors9GDahjncxAIaVTQ98hn/GGsZCvyXfhX9EW45I8s1k7 nMpw== X-Gm-Message-State: AKaTC03pkhs17BWzHjUv5It0oeNyWF+PFT+7hvtVSV9xB4q+IwS4PDxybXLI/J3a5pumZQ== X-Received: by 10.99.114.2 with SMTP id n2mr97994902pgc.130.1480899204220; Sun, 04 Dec 2016 16:53:24 -0800 (PST) Received: from [192.168.1.103] ([120.29.76.121]) by smtp.googlemail.com with ESMTPSA id s8sm22498115pfj.45.2016.12.04.16.53.22 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 04 Dec 2016 16:53:23 -0800 (PST) Message-ID: <5844BA83.8030601@gmail.com> Date: Mon, 05 Dec 2016 08:53:23 +0800 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Anton Yuzhaninov CC: freebsd-questions@freebsd.org Subject: Re: blacklistd(8) - entries don't removed References: <5ee1dcc7-643b-a7b1-7d1c-1017599bdfe5@citrin.ru> In-Reply-To: <5ee1dcc7-643b-a7b1-7d1c-1017599bdfe5@citrin.ru> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Dec 2016 00:53:24 -0000 Anton Yuzhaninov wrote: > Hi all. > > I started to use blacklistd(8) to protect sshd from bruteforce. > > Entries are added to ipfw table via controlprog but never removed. > > Blocked hosts after some time are removed from state database but even in > blacklistd -C /usr/local/libexec/blacklistd-helper -r -d -v > I see no attempts to run blacklistd-helper rem > > Database contains stale entries: > $ blacklistctl dump -ar > address/ma:port id nfail remaining time > 92.217.66.103/32:22 4/-1 -21d-38h-21m-38s > 92.76.193.217/32:22 4/-1 -11d-57h-2m-26s > 92.50.166.71/32:22 40/-1 -12d-29h-39m-57s > > but ipfw table contains much more hosts... > > Right now I have no time to debug this myself, but curious - does > anybody see same problems with blacklistd? Seems your the first person to use this new function in 11.0. Read its man page for email of person who ported this from openbsd and contact him directly.