From owner-freebsd-questions@freebsd.org  Mon Nov  6 15:12:16 2017
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 651A3E6040E
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Mon,  6 Nov 2017 15:12:16 +0000 (UTC) (envelope-from gmx@ross.cx)
Received: from www81.your-server.de (www81.your-server.de [213.133.104.81])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2E2957284F
 for <freebsd-questions@freebsd.org>; Mon,  6 Nov 2017 15:12:15 +0000 (UTC)
 (envelope-from gmx@ross.cx)
Received: from [90.187.37.173] (helo=workstation)
 by www81.your-server.de with esmtpsa (TLSv1.2:DHE-RSA-AES128-GCM-SHA256:128)
 (Exim 4.85_2) (envelope-from <gmx@ross.cx>)
 id 1eBibO-00066L-Q6; Mon, 06 Nov 2017 15:42:15 +0100
Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes
To: freebsd-questions <freebsd-questions@freebsd.org>, "Cos Chan"
 <rosettas@gmail.com>
Subject: Re: How to setup IPFW working with blacklistd
References: <CAKV+xLBoxGRXHQZa7kcgnFcw9Q9+f2j9G4LF4ZCb8mwgqGLi=g@mail.gmail.com>
Date: Mon, 06 Nov 2017 15:42:03 +0100
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Michael Ross" <gmx@ross.cx>
Message-ID: <op.y9adsis8g7njmm@workstation>
In-Reply-To: <CAKV+xLBoxGRXHQZa7kcgnFcw9Q9+f2j9G4LF4ZCb8mwgqGLi=g@mail.gmail.com>
User-Agent: Opera Mail/1.0 (Win32)
X-Authenticated-Sender: gmx@ross.cx
X-Virus-Scanned: Clear (ClamAV 0.99.2/24019/Mon Nov  6 14:06:54 2017)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 15:12:16 -0000

Am .11.2017, 09:38 Uhr, schrieb Cos Chan <rosettas@gmail.com>:

> Hi All
>
> I would run IPFW with blacklistd, my FreeBSD is 11.1-RELEASE-p1.
>
> my blacklistd is working fine to get sshd failed login attempts.
> The out put:
>
> $ sudo blacklistctl dump -b
>         address/ma:port id      nfail   last access
>  1.1.1.1/32:22           3/-1    2017/11/05 01:05:34
>  2.2.2.2/32:22           3/-1    2017/11/05 13:22:53
>
> but I can't find information how to use the blacklistd database in IPFW
> from IPFW manpage
>
> would anybody explain that to me?
>

Have a look at this:

https://people.freebsd.org/~lidl/blacklistd.html

	blacklistd_enable="YES"
	blacklistd_flags="-r"
	sshd_flags="-o UseBlacklist=yes"


Never tried it myself.

Regards,

Michael