Date: Tue, 20 Dec 2016 11:16:29 -0500
From: Anton Yuzhaninov <citrin+bsd@citrin.ru>
To: freebsd-questions@freebsd.org
Subject: Re: blacklistd(8) - entries don't removed
Message-ID: <ae3f5321-c78a-c6cd-e9b7-45d55f6a657d@citrin.ru>
In-Reply-To: <5844BA83.8030601@gmail.com>
References: <5ee1dcc7-643b-a7b1-7d1c-1017599bdfe5@citrin.ru> <5844BA83.8030601@gmail.com>
On 12/04/16 19:53, Ernie Luzar wrote:
> Anton Yuzhaninov wrote:
>> I started to use blacklistd(8) to protect sshd from bruteforce.
>>
>> Entries are added to ipfw table via controlprog but never removed.
>>
>> Blocked hosts after some time are removed from state database but even in
>> blacklistd -C /usr/local/libexec/blacklistd-helper -r -d -v
>> I see no attempts to run blacklistd-helper rem

It turned out that blacklistd expects the string OK from the blacklistd-helper
script. An echo 'OK' in the script is a workaround that works for me.

Some time ago this was committed to head:
https://svnweb.freebsd.org/changeset/base/306695

This behavior of blacklistd is unexpected and undocumented in the man page, though.

> Seems you're the first person to use this new function in 11.0. Read its
> man page for the email of the person who ported this from openbsd and contact
> him directly.

It was ported from NetBSD, and in NetBSD 7.0.2 blacklistd has the same problem:
the script should print the 'OK' string. I don't like this, but it seems to be
not a bug, but a badly designed feature.
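The point of the message above is that blacklistd only records an add/rem as applied when the controlprog prints OK; a helper that silently succeeds leaves entries in the ipfw table forever. The script below is an added example written for this archive page; it is not the poster's script and not FreeBSD's own blacklistd-helper. It assumes the argument order blacklistd passes to controlprog (action, rulename, protocol, address, mask, port, id), names the ipfw table after the port, and lets the ipfw binary be overridden through the IPFW environment variable; all three are this example's choices.

```shell
#!/bin/sh
# Added example, not FreeBSD's blacklistd-helper: a minimal controlprog for
# blacklistd(8) that keeps an ipfw table in sync and prints "OK" only when
# the firewall change actually succeeded.
#
# Assumed argument order (what blacklistd hands to -C controlprog):
#   $1 action (add|rem|flush)  $2 rulename  $3 protocol  $4 address
#   $5 mask  $6 port  $7 id (present for rem)
# IPFW may be overridden so the script can be exercised without root/ipfw.

IPFW="${IPFW:-/sbin/ipfw}"

# One table per service port, e.g. "port22" for sshd (this example's naming).
table_for_port() {
    echo "port$1"
}

# blacklist_change ACTION RULENAME PROTO ADDR MASK PORT [ID]
# Prints OK on success. On failure it prints nothing and returns non-zero,
# so blacklistd does not believe a block (or unblock) that never happened.
blacklist_change() {
    action=$1; addr=$4; mask=$5; port=$6
    tname=$(table_for_port "$port")
    case "$action" in
    add)
        # Create the table if it is missing; "already exists" is harmless.
        "$IPFW" table "$tname" create type addr >/dev/null 2>&1 || true
        "$IPFW" -q table "$tname" add "$addr/$mask" || return 1
        ;;
    rem)
        "$IPFW" -q table "$tname" delete "$addr/$mask" || return 1
        ;;
    flush)
        "$IPFW" -q table "$tname" flush || return 1
        ;;
    *)
        echo "unknown action: $action" >&2
        return 2
        ;;
    esac
    # The string blacklistd waits for; without it the change is not recorded
    # and "rem" is never attempted later.
    echo OK
}

# When invoked by blacklistd (at least six arguments), dispatch immediately.
if [ $# -ge 6 ]; then
    blacklist_change "$@"
fi
```

Install it as the -C controlprog and run blacklistd with -d -v as in the message: every add and rem should now show the helper being invoked and OK returned, and the ipfw table entries disappear when blacklistd expires them.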