Menu
▾
▴
[SSHGuard-users] [Proposal] Handle last octet range in Whitelists
|
From: Kevin B. <kev...@gm...> - 2020-06-26 06:51:17
|
Hi there, in an ideal world, groups of related hosts would always be assigned IP addresses that saw all of the group lying within "nice" sets of CIDR boundary ranges. Well, it's not an ideal world, and a lot people still aren't falling asleep at night thinking about CIDR boundaries. With that in mind, I was hoping to use the SSHGuard codebase so as to handle a set of IPv4 addresses that some people only ever think of, in terms of aaa.bbb.ccc.[ddd.eee] and found it didn't handle them, however, I thought it could. It can. The attached patch adds a block of code to src/blocker/sshguard_whitelist.c that does allow people, who have better things to fall asleep at night thinking about to, to have entries in whitelist files that adhere to that non-CIDR format. I tried it against various instances of aaa.bbb.ccc.[143-220] and, whilst I wouldn't recommend anyone should do that, I did see the expected sshguard[12345]: whitelist: add plain IPv4 aaa.bbb.cc.143. ... sshguard[12345]: whitelist: add plain IPv4 146.118.38.220. set of entries being added. It's yours if you want it: it may need some extra checking. Note that this is IPv4 only: after all, who falls asleep at night thinking about IPv6 addresses? Kevin |
