Importing NetBSD's blacklist project into FreeBSD
Kurt Lidl
lidl at FreeBSD.org
Thu Apr 14 01:56:57 UTC 2016
Greetings all -

This is just a quick note to alert the FreeBSD development community
that I've posted a review for the import of the NetBSD "blacklist"
project into FreeBSD.

The reviews for the basic import and hookup of the blacklist system
into the build process are here:

https://reviews.freebsd.org/D5912
https://reviews.freebsd.org/D5913

The rationale behind the system is given in the first referenced
review, which is Christos Zoulas' presentation at vBSDcon 2015.

I think the system is a very reasonable framework to allow for
real-time notification of attacks, feeding to a single daemon
process, which maintains a persistent on-disk database. The daemon
can then invoke a helper script to effect packet filtering changes
as needed. It's driven from a text configuration file, and it is
pretty easy to add support to more programs in the future.

Thanks for your interest, and I look forward to any discussion
about the merits of the system and the patches to implement it
in FreeBSD.

Thanks.

-Kurt