From: Greg P. <gr...@n0...> - 2015-05-27 03:08:46

Kevin Zheng said:
> You should consider checking out the latest sources from the Bitbucket
> repository. That might be easier to work with than running from ports.

Will give that a shot.

> I'm not entirely certain why it was truncated, either.

979 characters from /sbin all the way to the last digit displayed.

> It would end up being similar to how `pf` is currently handled: you
> create a table 'sshguard', then SSHGuard would be responsible for adding
> and removing addresses from the table. This means that SSHGuard wouldn't
> have to fiddle with rule numbers. Thoughts?

It would certainly keep the rules tidier. At 200 rules from sshguard, that's becoming a mess, but still manageable. For a popular Internet host, it could easily become thousands/tens of thousands, which becomes silly in trying to manage the other normal rules. I think the table would be a good option to keep order to the rule set. While we would miss out on seeing which addresses are active, I don't think that is all of that big of a concern (at worst, clear the table to start over and the frequent pests would be blocked quickly again).

Greg