https://bugs.contribs.org/show_bug.cgi?id=10760
--- Comment #11 from mab974 <[email protected]> ---
(In reply to Jean-Philippe Pialasse from comment #10)
> $sshd{BadCountries}
> maybe it would be better call them GoodCountries ...
That's why I was confused !!
>
> also the reverse match could be set using
>
> $reverse = ( ($sshd{BadCountriesReverse} || 'enabled') eq 'enabled' )? '!' :
> ' ' ;
> and keep the badcountries for al, while there is an explicit option and get
> this clear.
Personally, I prefer black and white lists to bad and good countries....
It may be simpler to distinguish between two different types: "whitelist" or
"greylist" countries and blacklist countries.
To resume,
Step 1: a blacklist of countries for all ports,
Step 2: a whitelist added for each service. But a complete whitelist could be
too
big.
Otherwise a blacklist for each service concerned and the initial blacklist for
the other ports
[ -m multiport --dports ! 22,465,993,.... ]
Is this possible ?
If the answer is yes, by default the initial blacklist should be copied to each
service to works like in the step 1.
--
You are receiving this mail because:
You are the QA Contact for the bug._______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
