[Bug 237151] blacklistd(8) doesn't respect IPv6 address pools whitelisting
bugzilla-noreply at freebsd.org
Tue Apr 9 10:31:13 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237151
Bug ID: 237151
Summary: blacklistd(8) doesn't respect IPv6 address pools whitelisting
Product: Base System
Version: 11.2-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: bugs at FreeBSD.org
Reporter: zarychtam at plan-b.pwste.edu.pl
Blacklistd(8) is a great tool and can be easily adapted to limit ssh probes. It
supports whitelisting address pools, which is quite a handy feature because users
from trusted networks are allowed to mistype their passwords without being
banned. This feature (whitelisting) doesn't work for IPv6 address pools.
The daemon accepts IPv6 whitelisting in /etc/blacklistd.conf, but doesn't
respect it.
In the example given below, only the first, IPv4 pool is whitelisted; the IPv6
pool is ignored.
# adr/mask:port type proto owner name nfail disable
[remote]
x.x.x.0/24:ssh * * * = * *
[2001:x:x::/48]:ssh * * * = * *
--
You are receiving this mail because:
You are the assignee for the bug.
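An added example, not part of the original report and not blacklistd's own code: a checker that reads [remote] rules in the format shown above and reports which source addresses the configuration says should never be blocked (nfail of "*"), so the expected result can be compared with what the daemon actually does. The names exempt_pools, expected_exempt, LOCATION and SAMPLE_CONF are hypothetical, the documentation prefixes 192.0.2.0/24 and 2001:db8::/48 are constructed stand-ins for the redacted pools, and the parser accepts the IPv6 mask either inside the brackets (as written in the report) or after the closing bracket, without asserting which form blacklistd itself honours.

```python
import ipaddress
import re

# Constructed sample config; 192.0.2.0/24 and 2001:db8::/48 are documentation
# prefixes standing in for the redacted pools in the report.
SAMPLE_CONF = """\
# adr/mask:port type proto owner name nfail disable
[local]
ssh stream * * * 3 24h
[remote]
192.0.2.0/24:ssh * * * = * *
[2001:db8::/48]:ssh * * * = * *
"""

# location = address[/mask][:port]; IPv6 is bracketed, mask inside or after.
LOCATION = re.compile(
    r"^(?:\[(?P<v6>[0-9A-Fa-f:.]+)(?:/(?P<m6in>\d+))?\](?:/(?P<m6out>\d+))?"
    r"|(?P<v4>\d+(?:\.\d+){3})(?:/(?P<m4>\d+))?)(?::(?P<port>\S+))?$"
)

def exempt_pools(conf_text):
    """Return (network, port) for every [remote] rule whose nfail is '*'."""
    pools, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line in ("[local]", "[remote]"):
            section = line
            continue
        fields = line.split()
        if section != "[remote]" or len(fields) != 7 or fields[5] != "*":
            continue
        m = LOCATION.match(fields[0])
        if not m:
            continue  # interface names and bare ports are out of scope here
        if m["v6"]:
            addr, mask = m["v6"], m["m6in"] or m["m6out"] or "128"
        else:
            addr, mask = m["v4"], m["m4"] or "32"
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        pools.append((net, m["port"] or "*"))
    return pools

def expected_exempt(conf_text, source, port="ssh"):
    """True if the config says failures from `source` should never block."""
    ip = ipaddress.ip_address(source)
    return any(ip.version == net.version and ip in net and p in ("*", port)
               for net, p in exempt_pools(conf_text))
```

An address for which expected_exempt() returns True but which still shows up in the blocked set matches the behaviour described in this report.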