On Mon, Jul 06, 2015 at 01:41:50PM +0200, pierre-philipp braun wrote: | Hi Luke, hi NetBSD tech-userlevel, | | I installed tnftpd as my favorite FTP daemon on a FreeBSD box but | I observed that I couldn't reject some dirty hackers trying to | brute force it, as it isn't linked against libwrap on that system. | I guess or I hope it is TCP wrappers capable on NetBSD, but that | feature seems to be missing on FreeBSD which also has a specific | /etc/hosts.allow mechanism. | | Compiling ot from the ports tree or getting the prepared binary | brings the same. I also looked at ./configure --help output and | didn't see anything about tcp wrappers nor libwrap. Neither ftpd (in base NetBSD) nor tnftpd (the portable version of the former) have support for the TCP wrappers (libwrap). I don't know if FreeBSD has modifications for that - at first glance it does not appear to. | Is there some way that I can keep my daemon up while still being | able to refuse specific IP or hostnames trying to brute force? The ftpd in NetBSD-current appears to support <blacklist.h> but that isn't documented in ftpd(8) how it operates, and I don't think it's reusable outside of NetBSD as a standalone project (yet). (I didn't add blacklist.h to ftpd - Christos did) regards, Luke.
Attachment:
pgpbsqTYQTIPj.pgp
Description: PGP signature