NetBSD-Bugs archive


bin/54168: Wrong IPv6 parsing in blacklistd.conf(5)

>Number:         54168
>Category:       bin
>Synopsis:       blacklistd.conf requires dummy port wildcard with IPv6 networks
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon May 06 13:40:00 +0000 2019
>Originator:     Martin Neitzel
>Release:        NetBSD 7.2_STABLE 2019-05-05
	Gaertner Datensysteme, Marshlabs
System: NetBSD 7.2_STABLE NetBSD 7.2_STABLE (GENERIC) #10: Mon May 6 00:23:20 CEST 2019 amd64
Architecture: x86_64
Machine: amd64

Specifying an IPv6 network without a port specification in the
blacklistd.conf(5) "[remote]" section elicits an error message

	blacklistd[706]: getnum: /etc/blacklistd.conf, 16: Bad number for service []

to be logged.  The same syntax works just fine for IPv4 networks
(and is part of the /usr/share/examples/blacklist/blacklistd.conf

Add a whitelisting entry such as

	[2a00:1030:100::]/48  *       *       *       *       *       *

to your blacklistd.conf,

	/etc/rc.d/blacklistd restart

	tail /var/log/messages

or whatever to see the complaint about the "bad service".

It is unclear whether such a configuration entry line is completely ignored
or in use nevertheless.  (It would be nice if blacklistctl(8) could reflect
the loaded ruleset.)


Use a dummy wildcard port specification like this:

	[2a00:1030:100::]/48:*  *       *       *       *       *       *
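
A config lint for the failure described in this report, added here as an example and not part of the original report or of blacklistd itself: it flags bracketed IPv6 locations that lack a `:port` suffix, the form the report shows being rejected. The function name `lint_blacklistd_v6` and the `[local]` sample rule are constructed for illustration, and a POSIX awk is assumed.

```shell
#!/bin/sh
# Usage: lint_blacklistd_v6 /etc/blacklistd.conf   (reads stdin if no file given)
# Prints "LINE: LOCATION" for every rule whose location is a bracketed IPv6
# address with no ":port" suffix, and returns non-zero if any were found.
lint_blacklistd_v6() {
    awk '
        { sub(/#.*/, "") }                    # strip comments
        NF == 0 { next }                      # skip blank lines
        # Bracketed text containing a colon is an IPv6 location,
        # which also excludes the [local] and [remote] section headers.
        $1 ~ /^\[[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*\]/ {
            rest = $1
            sub(/^\[[^]]*\]/, "", rest)       # drop "[addr]"
            sub(/^\/[0-9]+/, "", rest)        # drop optional "/mask"
            if (rest !~ /^:.+/) {             # nothing left: no ":port"
                print NR ": " $1
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: the two [remote] rules are the ones quoted in the
# report, the [local] rule is made up for context.
lint_blacklistd_v6 <<'EOF' || echo "add a :* port wildcard to the entries above"
[local]
ssh			stream	*	*	*	3	24h
[remote]
[2a00:1030:100::]/48	*	*	*	*	*	*
[2a00:1030:100::]/48:*	*	*	*	*	*	*
EOF
```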

