12.2 release, blacklistd with ipfw gives error
Kris von Mach
mach at swishmail.com
Mon Nov 2 09:52:31 UTC 2020
Hello,
I've upgraded a working blacklistd with ipfw server from 12.1 to 12.2
and now it gives the following error:
blacklistd[51583]: getnum: /etc/blacklistd.conf, 22: Bad number for service []
My config:
rc.conf:
blacklistd_enable="YES" # activates blacklistd
sshd_flags="-o UseBlackList=yes" # instruct sshd to report to blacklistd
firewall_enable="YES"
firewall_type="OPEN"
blacklistd_flags="-f"
/etc/ipfw-blacklist.rc exists:
-rw-r--r-- 1 root wheel 0 Nov 4 2018 /etc/ipfw-blacklist.rc
blacklistd.conf:
# $FreeBSD: releng/12.2/usr.sbin/blacklistd/blacklistd.conf 336977 2018-07-31 16:39:38Z brd $
#
# Blacklist rule
# adr/mask:port type proto owner name nfail disable
[local]
ssh stream * * * 3 24h
ftp stream * * * 3 24h
smtp stream * * * 3 24h
submission stream * * * 3 24h
#6161 stream tcp6 christos * 2 10m
* * * * * 3 60
# adr/mask:port type proto owner name nfail disable
[remote]
#129.168.0.0/16 * * * = * *
#6161 = = = =/24 = =
#* stream tcp * = = =
services are running:
root 37234 0.0 0.0 19600 8224 - Is 04:41 0:00.00 /usr/sbin/sshd -o UseBlackList=yes
root 52033 0.0 0.0 11740 2840 - Ss 04:41 0:00.00 /usr/sbin/blacklistd -f
ipfw list
00001 deny ip from table(1) to me
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any icmp6types 1
01000 allow ipv6-icmp from any to any icmp6types 2,135,136
65000 allow ip from any to any
65535 deny ip from any to any
table port22 isn't created
Is this a bug or am I missing some change in the config?