NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: blacklistd



In article <a78ccf62-b1ca-fe51-13e8-3c4aa6e0ad38%gmail.com@localhost>,
Jan Danielsson  <jan.m.danielsson%gmail.com@localhost> wrote:
>Hello,
>
>   Two questions regarding blacklistd[.conf]:
>
>   1) Is it possible to block the host, not specifically the service?
>I.e. if host A.B.C.D keeps in trying to dictionary attack ssh, is it
>possible to block A.B.C.D not limited to port 22?

No, there is no way to currently do that. I could add it, but the original
intention was to protect at the service level.

>   2) When I try to set the block duration to 30d in blacklistd.conf, it
>only seems to block 5-6 days.  A visual inspection of getsecs() in
>conf.c doesn't yield an obvious explicit limitation.  Should 30d work,
>or is there a limit imposed elsewhere?

I don't see one, but there could be a bug...

christos



Home | Main Index | Thread Index | Old Index