Re: security/portsentry removal

From: Pete Wright <>
Date: Sat, 08 Apr 2023 13:55:24 UTC
On 4/8/23 12:47 AM, Andrea Venturoli wrote:
> On 4/8/23 04:56, Mel Pilgrim wrote:
>>> Can anyone suggest something equivalent in the port tree?
>> Have a look at fail2ban.  It's design intent is monitoring running 
>> services, but really it's just a set of log file regex filters. 
>> Anything that logs network activity can feed it.
> Hello and thanks for answering.
> In fact I'm already using fail2ban for "running" services.
> Portsenty is a bit different, in that it's conceived to listen on 
> ports used by non-running services.
> I.e.
> Got a SMTP server? Let fail2ban check its logs.
> No? Let portsentry listen on port 25.
> I thought about writing regexes for fail2ban to check if ipfw denied 
> access to ports where portsentry used to listen.
> So far it's the best idea I've come up with, but I hoped for something 
> simpler (i.e. more close to how portsentry worked).

would blacklistd(8) meet your requirements?  i use it to block ssh login 
spammers with decent success.  its part of the base system as well, but 
does require pf.