Menu
▾
▴
Re: [Sshguard-users] Patch to fix blacklist loading with ipfw
|
From: Greg P. <gr...@n0...> - 2015-06-01 02:55:43
|
Hello Kevin, Compiled it on a test box (FreeBSD 10.1) and its working as expected. Now will put it on a machine that's connected to the outside and see what it picks up. Greg Kevin Zheng said: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 05/26/2015 22:08, Greg Putrich wrote: > > It would certainly keep the rules tidier. At 200 rules from > > sshguard, that's becoming a mess, but still manageable. For a > > popular Internet host, it could easily become thousands/tens of > > thousands which becomes silly in trying to manage the other normal > > rules. > > > > I think the table would be a good option to keep order to the rule > > set. While we would miss out on seeing which addresses are active, > > I don't think that is all of that big of a concern (at worst, clear > > the table to start over and the frequent pests would be blocked > > quickly again). > > The new backend is now available in the 'ipfw' branch of the Bitbucket > repository. This time I was able to actually test it, and it appears > to work reasonably well. In order to use it, you will need a rule like > the following in your ipfw ruleset: > > reset ip from table(22) to me > > Currently, SSHGuard uses a fixed table number, '22', to store > blacklisted addresses. This table is cleared when SSHGuard exits. > > If there are no issues with this backend, it should appear in the > 'master' branch and will be backported to 1.6. > > Thanks, > Kevin Zheng > > - -- > Kevin Zheng > kev...@gm... | ke...@kd... | PGP: 0xC22E1090 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJVaMmnAAoJEOrPD3bCLhCQ8M0IAJoxH6K6VeV8bnIO+jHsbajX > h4pj24yCg21ADorHQHrMU9JBKVQZXGNjuCYH/q7Fc4MQfofvGwx63WgwYhfq/6O6 > /IEtlLuCQ2ri6+pxrzV3np6o0VMajBPZcyWsepGA0aJcqeXFcKnP/9qki7bedTE1 > qlL3SWt7nluJRkcgJ29ou0tYQt6x5xNst4/8FU00v+BxY2WEk5XbbJ/bWlS4lxIW > t+XJHSLe/cqK9ylRvhXUw4f4Cs5epqWJTlP5fB0v4hTiZZ/hVYbpoVjbrlAHYmxa > Lhl/rGjik6URsU9e7XmQDc7TnM2ec8Sl+26zfJm/OvUyzwnwTmKI2SQRikBuW5E= > =wHdI > -----END PGP SIGNATURE----- > > ------------------------------------------------------------------------------ > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users |
