blacklistd
Date: Mon, 16 Jan 2023 14:43:03 UTC
[FreeBSD 13.1-STABLE stable/13-n253468-16dd69d46577]

Hi,

I recently configured blacklistd in order to get sshd and postfix submission monitored. It works so far, but I do have some questions/observations to share:

1) IPv6 addresses in /etc/blacklistd.conf

According to the man page BLACKLISTD.CONF(5) I tried to get IPv6 addresses whitelisted in section [remote] like:

    The first field denotes the location as an address, mask, and port.
    The syntax for the location is:

        [<address>|<interface>][/<mask>][:<port>]

    The address can be an IPv4 address in numeric format, an IPv6 address
    in numeric format and enclosed by square brackets, or an interface name.

But this doesn't work as stated in the man page:

# adr/mask:port type proto owner name nfail disable
[remote]
[1:2:3:4::8] * * * * * *
——> Jan 15 15:40:17 <daemon.err> VM blacklistd[61944]: getnum: /etc/blacklistd.conf, 15: Bad number for service []

[remote]
[1:2:3:4::8]/64 * * * * * *
——> Jan 15 15:38:07 <daemon.err> VM blacklistd[61748]: getnum: /etc/blacklistd.conf, 15: Bad number for service []

[remote]
[1:2:3:4::8]/64: * * * * * *
——> Jan 15 15:39:32 <daemon.err> VM blacklistd[61825]: getnum: /etc/blacklistd.conf, 15: Bad number for service []

[remote]
[1:2:3:4::8]/64:* * * * * * *
——> ok

IPv4 addresses work as advertised, but bracketed IPv6 addresses need an additional '/:*'.

Two questions:
1) bug or feature or misunderstanding from my side?
2) Can a wildcard '*' be used in the meaning of 'any port'?
2) Whitelisting for a defined time period

I do have dynamically assigned IPv4 addresses from my internet provider that change every 24 hrs for the corresponding domains, e.g.: test.tld

# adr/mask:port type proto owner name nfail disable
[remote]
# dynamically assigned IPs:
test.tld:22 * * * * * 24h

When I do "abuse" my server out of 'test.tld' I get whitelisted, good, but the expected 24h time period for removal of the corresponding IPv4 address doesn't work as expected:

VM> blacklistctl dump -ar
address/ma:port id nfail remaining time
1.2.3.4/32:22 2/* never

Question: Can this be done anyhow?

Thanks in advance and regards,
Michael
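As an added illustration (not part of the post above, not blacklistd's own code, and not a claim about how FreeBSD's parser actually behaves), here is a small Python parser for the location syntax the man page documents, [<address>|<interface>][/<mask>][:<port>]; treating ':*' as "any port" is an assumption, and the interface-name pattern is assumed to be letters, digits and underscores only.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, Union

# Reference parser for the documented blacklistd.conf(5) location field.
# Illustration only: it does NOT reproduce the real daemon's parsing.
# Assumption: ':*' (or no port at all) means "any port".

@dataclass
class Location:
    address: Optional[Union[ipaddress.IPv4Address, ipaddress.IPv6Address]]
    interface: Optional[str]
    mask: Optional[int]
    port: Optional[int]  # None means "any port"

_LOC_RE = re.compile(r"""
    ^(?:
        \[(?P<v6>[0-9A-Fa-f:.]+)\]        # bracketed IPv6, e.g. [1:2:3:4::8]
      | (?P<v4>\d{1,3}(?:\.\d{1,3}){3})   # dotted IPv4, e.g. 1.2.3.4
      | (?P<ifname>[A-Za-z][A-Za-z0-9_]*) # interface name, e.g. em0 (assumed form)
    )?
    (?:/(?P<mask>\d{1,3}))?               # optional /mask
    (?::(?P<port>\*|\d{1,5}))?$           # optional :port or :* wildcard
""", re.VERBOSE)

def parse_location(field: str) -> Location:
    """Parse one location field; raise ValueError on anything off-grammar."""
    m = _LOC_RE.match(field)
    if not m or not (m["v6"] or m["v4"] or m["ifname"]):
        raise ValueError(f"bad location syntax: {field!r}")
    addr = None
    if m["v6"]:
        addr = ipaddress.IPv6Address(m["v6"])   # validates the numeric form
    elif m["v4"]:
        addr = ipaddress.IPv4Address(m["v4"])
    mask = int(m["mask"]) if m["mask"] else None
    if mask is not None:
        if addr is None:
            raise ValueError("mask given without an address")
        if mask > addr.max_prefixlen:            # /33 for IPv4, /129 for IPv6
            raise ValueError(f"mask /{mask} too large for {addr}")
    port = None
    if m["port"] and m["port"] != "*":
        port = int(m["port"])
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    return Location(addr, m["ifname"], mask, port)
```

Under this reading of the grammar the bare bracketed form "[1:2:3:4::8]" is accepted, which is why the errors quoted above are worth reporting rather than working around.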