From owner-svn-ports-head@freebsd.org Tue Oct 13 14:54:57 2015 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4F4FF9D2AB9; Tue, 13 Oct 2015 14:54:57 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1976D1F31; Tue, 13 Oct 2015 14:54:57 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t9DEsukI055731; Tue, 13 Oct 2015 14:54:56 GMT (envelope-from feld@FreeBSD.org) Received: (from feld@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t9DEsucV055730; Tue, 13 Oct 2015 14:54:56 GMT (envelope-from feld@FreeBSD.org) Message-Id: <201510131454.t9DEsucV055730@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: feld set sender to feld@FreeBSD.org using -f From: Mark Felder Date: Tue, 13 Oct 2015 14:54:56 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r399196 - head X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Oct 2015 14:54:57 -0000 Author: feld Date: Tue Oct 13 14:54:55 2015 New Revision: 399196 URL: https://svnweb.freebsd.org/changeset/ports/399196 Log: Document security/sshguard-ipfw 1.6.2 changes Modified: head/UPDATING Modified: head/UPDATING ============================================================================== --- head/UPDATING Tue Oct 13 14:28:00 2015 (r399195) +++ head/UPDATING Tue Oct 13 14:54:55 2015 (r399196) @@ -5,6 +5,25 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20151013: + AFFECTS: users of security/sshguard-ipfw + AUTHOR: feld@FreeBSD.org + + The sshguard update to 1.6.2 introduces a rewritten IPFW backend. The + previous approach was to insert individual block rules with a + predefined numbered range. This does not scale well and is not + flexible so the design was scrapped. The new approach utilizes IPFW + tables. The sshguard IPFW backend now inserts offenders into hardcoded + table 22. + + To continue blocking the attackers effectively you will need to add a + block rule like the following: + + ipfw add deny all from 'table(22)' to any + + The release announcement can be found here: + http://sourceforge.net/p/sshguard/mailman/message/34534861/ + 20151011: AFFECTS: users of emulators/qemu-sbruno, emulators/qemu-user-static AUTHOR: sbruno@FreeBSD.org