From: Testudo A. <tes...@po...> - 2021-01-09 17:55:10

Hello,

as sshguard already has the feature to block subnets after an attack, I would suggest to also merge attacks of the configured subnets. Especially for IPv6 this would be quite useful because attackers might have larger subnets available and could otherwise flood with attacks from individual IPv6 addresses without getting blocked, as attacks are counted individually.

The attached patch implements this to the best of my knowledge, so a review would not harm. It basically uses arpa/inet.h functions, which are also used in sshguard_whitelist.c. It parses the IP address into integer format, applies the mask and writes the resulting address back before further handling the attack.

The patch does what I would like to have as behavior when setting the subnet config-variables, so using the same subnet-size for blocking and merging is a feature from my point of view. But if this conflicts with other use-cases, it might be considered to have 2 separate subnet-size command-line flags and config variables for merging and for blocking.

Best regards,
Andreas
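
The parse, mask and write-back step the message describes can be sketched as follows. This is an added example, not the attached patch and not sshguard's code; `mask_to_subnet` and `same_subnet_key` are hypothetical names, and the sample addresses are constructed from documentation ranges.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not sshguard's API): rewrite the textual address in
 * `addr` as the network address of its /prefix subnet, so that every host in
 * the subnet is counted under one key. Returns 0 on success, -1 on error. */
int mask_to_subnet(const char *addr, int family, int prefix,
                   char *out, socklen_t outlen)
{
    unsigned char buf[sizeof(struct in6_addr)];
    int nbytes = (family == AF_INET) ? 4 : (family == AF_INET6) ? 16 : 0;

    if (nbytes == 0 || prefix < 0 || prefix > nbytes * 8)
        return -1;
    if (inet_pton(family, addr, buf) != 1)
        return -1;              /* not a valid address of this family */

    /* Mask byte-wise on the network-order bytes: no endianness handling and
     * no undefined full-width shift when prefix is 0. */
    for (int i = 0; i < nbytes; i++) {
        int keep = prefix - i * 8;      /* bits of this byte to keep */
        if (keep >= 8)
            continue;
        buf[i] = (keep <= 0) ? 0 : (unsigned char)(buf[i] & (0xFF << (8 - keep)));
    }
    return inet_ntop(family, buf, out, outlen) ? 0 : -1;
}

/* Returns 1 if both addresses collapse to the same subnet key, 0 if not,
 * -1 if either address fails to parse. */
int same_subnet_key(const char *a, const char *b, int family, int prefix)
{
    char ka[INET6_ADDRSTRLEN], kb[INET6_ADDRSTRLEN];
    if (mask_to_subnet(a, family, prefix, ka, sizeof ka) != 0 ||
        mask_to_subnet(b, family, prefix, kb, sizeof kb) != 0)
        return -1;
    return strcmp(ka, kb) == 0;
}

int main(void)
{
    char key[INET6_ADDRSTRLEN];
    /* Constructed sample: one host of a /64, reduced to its subnet key. */
    if (mask_to_subnet("2001:db8:1:2:aaaa::1", AF_INET6, 64, key, sizeof key) == 0)
        printf("%s\n", key);
    return 0;
}
```

Counting attacks under the masked string means two hosts in the same configured subnet increment the same counter, which is the merging behaviour proposed above.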