NetBSD-Bugs archive
misc/57905: blocklistd.conf and ipv6
>Number: 57905
>Category: misc
>Synopsis: blocklistd.conf issues with ipv6
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: misc-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Feb 05 02:50:01 +0000 2024
>Originator: Mark Davies
>Release: NetBSD 10.0_RC3
>Organization:
ECS, Victoria Uni. of Wellington, New Zealand.
>Environment:
System: NetBSD smb2.ecs.vuw.ac.nz 10.0_RC3 NetBSD 10.0_RC3 (XEN3_DOMU) #3: Mon Feb 5 11:54:46 NZDT 2024 mark%turakirae.ecs.vuw.ac.nz@localhost:/local/SAVE/10_64.obj/src/work/10/src/sys/arch/amd64/compile/XEN3_DOMU amd64
Architecture: x86_64
Machine: amd64
>Description:
blocklistd.conf doesn't appear to work correctly for IPv6 addresses.
>How-To-Repeat:
I want to set blocklistd up to block ssh connections after 4 failures, except for local addresses,
which should never be blocked, where local addresses are 130.195.0.0/16, 10.0.0.0/8 and 2404:2000::/32.
So I have the following /etc/blocklistd.conf
---
# Blocklist rule
# adr/mask:port type proto owner name nfail disable
[local]
ssh stream * * * 4 6h
# adr/mask:port type proto owner name nfail disable
[remote]
130.195.0.0/16 * * * = * *
[2404:2000::/32] * * * = * *
10.0.0.0/8 * * * = * *
---
With this IPv4 connections work as expected, but all IPv6 connections are blocked
after 4 failures AND the following message is logged when blocklistd starts
Feb 5 15:18:15 smb2 blocklistd[943]: conf_getnum: /etc/blocklistd.conf, 10: Bad number for service []
If I change line 9 of my blocklistd.conf (note the off-by-one error in the line number reported) to
[2404:2000::/32]:ssh * * * = * *
then the message is no longer logged on startup, but all IPv6 connections are still
blocked after 4 fails.
>Fix:
don't know.
>Unformatted:
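The following is an added example, not blocklistd's own parser or any code from the report. It implements the rule syntax given in the config's comment line (adr/mask:port type proto owner name nfail disable), using the blocklistd.conf(5) convention that an IPv6 address is written in square brackets so its colons are not mistaken for the ":port" separator, and then checks the reporter's three [remote] rules against constructed client addresses. It shows what "[2404:2000::/32]" should parse to (prefix plus "any port"), that a trailing ":" with no service is the malformed case rather than a legal empty service, and that an IPv4 client arriving as an IPv4-mapped IPv6 address (::ffff:a.b.c.d) needs unmapping before IPv4 rules can match it. Reading nfail "*" as "never block" is this example's assumption from blocklistd.conf(5); the rule lines and addresses are constructed.

```python
"""Parse the address field of blocklistd.conf rules and match clients to it.

Added example, not blocklistd's own parser. Column order follows the comment
line in the report (adr/mask:port type proto owner name nfail disable); IPv6
addresses are expected in square brackets. Sample rules and client addresses
are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
FIELDS = ("addr", "type", "proto", "owner", "name", "nfail", "disable")


@dataclass(frozen=True)
class AddrSpec:
    network: Optional[Network]  # None means any address ("*")
    port: Optional[str]         # None means any port; else a service name or number


def parse_addr_field(field: str) -> AddrSpec:
    """Parse 'adr[/mask][:port]', '[v6adr[/mask]][:port]', ':port' or '*'.

    A bracketed address with nothing after ']' means 'any port'; a trailing
    ':' with no service is rejected rather than yielding an empty service.
    """
    field = field.strip()
    if field == "*":
        return AddrSpec(None, None)
    if field.startswith("["):
        close = field.find("]")
        if close < 0:
            raise ValueError(f"unterminated '[' in {field!r}")
        addr_part, rest = field[1:close], field[close + 1:]
    else:
        # Unbracketed: more than one ':' can only be an unbracketed IPv6 address.
        if field.count(":") > 1:
            raise ValueError(f"IPv6 address must be bracketed: {field!r}")
        addr_part, sep, svc = field.partition(":")
        rest = sep + svc
    if rest == "":
        port = None
    elif rest.startswith(":") and len(rest) > 1:
        port = None if rest[1:] == "*" else rest[1:]
    else:
        raise ValueError(f"bad service {rest[1:]!r} in {field!r}")
    network = None if addr_part in ("", "*") else ipaddress.ip_network(addr_part, strict=False)
    return AddrSpec(network, port)


def parse_rule(line: str) -> dict:
    """Split one rule line into its seven columns; 'addr' becomes an AddrSpec."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rule = dict(zip(FIELDS, parts))
    rule["addr"] = parse_addr_field(rule["addr"])
    return rule


def client_address(addr: str):
    """Normalize a peer address. An IPv4 client on a dual-stack IPv6 socket
    shows up as ::ffff:a.b.c.d; unmap it so IPv4 rules still apply."""
    a = ipaddress.ip_address(addr)
    if isinstance(a, ipaddress.IPv6Address) and a.ipv4_mapped is not None:
        return a.ipv4_mapped
    return a


def spec_matches(spec: AddrSpec, addr: str, port: str) -> bool:
    """True if the client address/port falls under this address spec."""
    a = client_address(addr)
    if spec.network is not None and a not in spec.network:
        return False  # 'in' is also False across address families
    return spec.port is None or spec.port == port


# Constructed from the [remote] section of the report: networks that must
# never be blocked. nfail '*' is read as 'never block' (assumption from
# blocklistd.conf(5)).
REMOTE_RULES = [
    "130.195.0.0/16 * * * = * *",
    "[2404:2000::/32] * * * = * *",
    "10.0.0.0/8 * * * = * *",
]


def never_block(addr: str, port: str = "ssh", rules=REMOTE_RULES) -> bool:
    """True if some remote rule with nfail '*' covers this client."""
    for line in rules:
        rule = parse_rule(line)
        if rule["nfail"] == "*" and spec_matches(rule["addr"], addr, port):
            return True
    return False


if __name__ == "__main__":
    for client in ("130.195.1.2", "::ffff:130.195.1.2", "2404:2000:1::5",
                   "2404:2001::1", "8.8.8.8"):
        print(f"{client:>20}: {'exempt' if never_block(client) else 'subject to blocking'}")
```

With the rules parsed this way, a client in 2404:2000::/32 is covered by the bracketed rule whether or not ":ssh" is appended, and "[2404:2000::/32]:" (colon, no service) is the only spelling that produces an empty service string. That is the distinction to keep in mind when reading the "Bad number for service []" message above: the rule as written in the report contains no such trailing colon.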