From: SASAKI K. <cr...@sa...> - 2015-06-22 04:44:12
Hi.
> In light of the recent `ipfw` issues I've decided to re-implement the
> `ipfw` backend using the command framework that is used for nearly all
> of the other backends.
>
Great!
> Please don't test this in a production environment, and if you test it
> at all, be aware that bad things can happen. Please take a look at the
> patch before you try to run this code.
>
I tested the patch with 1.6.0 on my FreeBSD 10.1R/i386. The two problems
below were found.
1. From the viewpoint of ipfw, tables are specified by number (0 to
65535). We can't assign a name like "sshguard" to tables. It
became necessary to replace "sshguard" with some number (22, for
example).
2. The command "ipfw table [table number] add" can receive only one target
(IP address, and some other search keys) at a time. Using a loop in
"COMMAND_BLOCK_LIST" looks reasonable to me.
Attached is a patch for
0001-Reimplement-ipfw-backend-using-command-framework.patch.
Thank you.
--
SASAKI Katuhiro
mailto: cr...@sa...