Date: Mon, 17 Apr 2023 13:38:35 -0700 From: Doug Hardie <bc979@lafn.org> To: questions@freebsd.org Subject: Blacklistd Issues Message-ID: <C632EC86-6745-42F9-A5EE-FE604C7A8599@sermon-archive.info>
next in thread | raw e-mail | index | archive | help
--Apple-Mail=_ABFDB59E-6D16-48BF-BDE8-E5C43C1D1EA6 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii I have been implementing blacklistd. It works fine with postfix and my = web server. However, sshd is not working. I have enabled the = UseBlacklistd configuration line. However, no amount of invalid = id/passwords generate an entry in either blacklistd or pf. Running = ktrace with invalid web requests on blacklistd shows that it obtains the = endpoints properly and calls the helper to do the work. However, when = sending invalid id/passwords via ssh, blacklistd does receive the proper = packets from sshd and it obtains the endpoints, but just ends. It never = calls the helper. I have the entry in blacklistd.conf for that port, = and blacklistd has been restarted many times. Any ideas what I need to = do to get blacklistd to record the calls. There is no table in pf for = that port. However, it appears there needs to be at least one call to = make the table appear. -- Doug --Apple-Mail=_ABFDB59E-6D16-48BF-BDE8-E5C43C1D1EA6 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii <html><head><meta http-equiv=3D"content-type" content=3D"text/html; = charset=3Dus-ascii"></head><body style=3D"overflow-wrap: break-word; = -webkit-nbsp-mode: space; line-break: after-white-space;">I have been = implementing blacklistd. It works fine with postfix and my web = server. However, sshd is not working. I have enabled the = UseBlacklistd configuration line. However, no amount of invalid = id/passwords generate an entry in either blacklistd or pf. Running = ktrace with invalid web requests on blacklistd shows that it obtains the = endpoints properly and calls the helper to do the work. However, = when sending invalid id/passwords via ssh, blacklistd does receive the = proper packets from sshd and it obtains the endpoints, but just ends. = It never calls the helper. I have the entry in = blacklistd.conf for that port, and blacklistd has been restarted many = times. Any ideas what I need to do to get blacklistd to record the = calls. There is no table in pf for that port. However, it = appears there needs to be at least one call to make the table = appear.<div><br><div> <div>-- Doug</div> </div> <br></div></body></html>= --Apple-Mail=_ABFDB59E-6D16-48BF-BDE8-E5C43C1D1EA6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C632EC86-6745-42F9-A5EE-FE604C7A8599>