blacklistd(8) - entries aren't removed
Anton Yuzhaninov
citrin+bsd at citrin.ru
Tue Dec 20 16:16:40 UTC 2016
On 12/04/16 19:53, Ernie Luzar wrote:
> Anton Yuzhaninov wrote:
>> I started to use blacklistd(8) to protect sshd from brute force.
>>
>> Entries are added to ipfw table via controlprog but never removed.
>>
>> Blocked hosts are removed from the state database after some time, but even with
>> blacklistd -C /usr/local/libexec/blacklistd-helper -r -d -v
>> I see no attempts to run blacklistd-helper rem
It turned out that blacklistd expects the string OK from the blacklistd-helper
script.
echo 'OK'
in the script is a workaround that works for me.
Some time ago this was committed to head:
https://svnweb.freebsd.org/changeset/base/306695
This behavior of blacklistd is unexpected and undocumented in the man page, though.
> Seems you're the first person to use this new function in 11.0. Read its
> man page for the email of the person who ported this from openbsd and contact
> him directly.
It was ported from NetBSD, and in NetBSD 7.0.2 blacklistd has the same
problem - the script should print the 'OK' string.
I don't like this, but it seems to be not a bug but a badly designed feature.
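The helper contract the post describes, as an added example that is not the FreeBSD or NetBSD blacklistd-helper and not code from this thread: a minimal helper skeleton that only prints OK once the firewall change actually succeeded, so blacklistd's state database and the firewall table cannot silently drift apart. The argument order (action, rule name, protocol, address, mask, port, id) is an assumption modelled on the stock helper; the ipfw table is replaced by a plain text file so the script runs offline.

```shell
#!/bin/sh
# Added example, not the project's blacklistd-helper. It demonstrates the one
# rule the thread uncovered: blacklistd treats an add/rem/flush as applied only
# when the helper prints "OK" on stdout, so print it only after a real success.
#
# Assumed argument order (modelled on the stock helper, not verified here):
#   $1 action (add|rem|flush)  $2 rulename  $3 protocol
#   $4 address  $5 mask  $6 port  $7 id

# Stand-in for an ipfw table: one "addr/mask" per line in a text file
# (constructed for this example; a real helper would call ipfw/pf here).
TABLE_FILE="${TABLE_FILE:-/tmp/blacklistd-demo-table}"

# fw_add addr mask: add the entry once; succeed if it is already present.
fw_add() {
    grep -qxF "$1/$2" "$TABLE_FILE" 2>/dev/null || echo "$1/$2" >> "$TABLE_FILE"
}

# fw_rem addr mask: fail when the entry is absent, so a no-op is never
# acknowledged with OK and the caller can notice the mismatch.
fw_rem() {
    grep -qxF "$1/$2" "$TABLE_FILE" 2>/dev/null || return 1
    grep -vxF "$1/$2" "$TABLE_FILE" > "$TABLE_FILE.tmp" || true
    mv "$TABLE_FILE.tmp" "$TABLE_FILE"
}

# fw_flush: empty the table.
fw_flush() {
    : > "$TABLE_FILE"
}

# table_count: number of blocked entries currently in the table.
table_count() {
    if [ -f "$TABLE_FILE" ]; then
        wc -l < "$TABLE_FILE" | tr -d ' '
    else
        echo 0
    fi
}

# helper action rulename proto addr mask port id
# Applies the change and prints OK only on success; any failure leaves
# stdout empty and returns non-zero, so blacklistd keeps its own record.
helper() {
    [ $# -eq 7 ] || { echo "usage: helper action name proto addr mask port id" >&2; return 1; }
    action=$1 addr=$4 mask=$5
    case "$action" in
        add)
            [ -n "$addr" ] && [ -n "$mask" ] || return 1
            fw_add "$addr" "$mask" || return 1 ;;
        rem)
            [ -n "$addr" ] && [ -n "$mask" ] || return 1
            fw_rem "$addr" "$mask" || return 1 ;;
        flush)
            fw_flush || return 1 ;;
        *)
            echo "unknown action: $action" >&2; return 1 ;;
    esac
    # This acknowledgement is what blacklistd waits for; without it the
    # entry stays in the firewall table forever, as described in the thread.
    echo OK
}

# Run as a real helper when invoked with arguments.
if [ $# -gt 0 ]; then
    helper "$@"
fi
```

Running the script with a failing backend (for instance a removal of an entry that is no longer in the table) prints nothing and exits non-zero, which is the signal a defender wants: a blocked host that blacklistd believes is unblocked but the firewall still holds would otherwise go unnoticed.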