On Jan 21, 3:43pm, [email protected] (Jarle Greipsland) wrote:
-- Subject: Re: blacklistd is now available for current (comments?)

| > # Blacklist rule
| > # Port type protocol owner nfail disable
| > ssh stream tcp * 6 60m
| > ssh stream tcp6 * 6 60m
| What about hosts with multiple addresses and multiple instances
| of the same daemon? I.e. an ssh daemon for ordinary login on IP
| address a.b.c.d, and an anoncvs ssh daemon on a.b.c.e, and you
| want different policies for how to blacklist remote clients?
| Maybe do something like postfix, and allow a.b.c.d:ssh as a
| service specifier instead of just a port number/name?

The current implementation of groups and rules on npf is interface-specific, and it is not finalized yet. I considered adding per-interface rules, but that introduces complexity. Perhaps I will add a flag to the daemon to handle this, making the configuration line look like:

# external interface
ssh stream tcp6 bge0 * 6 60m
# internal interface
ssh stream tcp6 sk0 * * *

and then automatically create the rule "blacklistd-bge0", etc. * again there will mean all the interfaces. This does not, though, handle the case of multiple addresses on the same interface. Should it handle that too? It would be easy to extend the syntax to handle address:port in the first field.

christos
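The rule syntax being discussed above, worked through as an added example that is not part of the thread and not blacklistd's own parser: it reads the six-field form shown in the quoted config (port type protocol owner nfail disable), the seven-field variant with an interface column that christos floats, and the address:port service specifier Jarle suggests, then picks the most specific matching rule for a reported failure. The interface column, the address:port form, the `*`-means-never semantics for nfail/disable and the sample addresses are assumptions made for the example; only the field order of the six-field line comes from the quoted message.

```python
"""Parser and matcher for the blacklistd.conf line format discussed in the thread.

Added example; not code from blacklistd. The seven-field (interface) form and
the address:port service specifier are proposals from the thread, not shipped
syntax, and are modelled here on the author's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

_DURATION_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_duration(text: str) -> Optional[int]:
    """'60m' -> 3600 seconds. '*' -> None, taken here to mean 'never expire' (assumption)."""
    if text == "*":
        return None
    m = re.fullmatch(r"(\d+)([smhd]?)", text)
    if not m:
        raise ValueError(f"bad duration: {text!r}")
    return int(m.group(1)) * _DURATION_UNITS[m.group(2) or "s"]


@dataclass(frozen=True)
class Rule:
    address: Optional[str]    # None: any local address (address:port form is a proposal)
    port: str                 # service name or port number
    socktype: str             # stream / dgram
    protocol: str             # tcp / tcp6 / udp / udp6 / *
    interface: Optional[str]  # None: all interfaces (interface column is a proposal)
    owner: str                # '*' or a user name
    nfail: Optional[int]      # None: never block (assumed meaning of '*')
    disable: Optional[int]    # block time in seconds; None: until cleared by hand


def split_service(spec: str) -> tuple:
    """'192.0.2.5:ssh' -> ('192.0.2.5', 'ssh'); '[2001:db8::1]:ssh' -> ('2001:db8::1', 'ssh'); 'ssh' -> (None, 'ssh')."""
    if ":" not in spec:
        return None, spec
    addr, port = spec.rsplit(":", 1)
    return addr.strip("[]"), port


def parse_rule(line: str) -> Rule:
    """Accept the six-field line from the thread or the seven-field one with an interface column."""
    f = line.split()
    if len(f) == 6:
        service, socktype, proto, owner, nfail, disable = f
        iface = None
    elif len(f) == 7:
        service, socktype, proto, iface, owner, nfail, disable = f
        iface = None if iface == "*" else iface
    else:
        raise ValueError(f"expected 6 or 7 fields, got {len(f)}: {line!r}")
    address, port = split_service(service)
    return Rule(address, port, socktype, proto, iface, owner,
                None if nfail == "*" else int(nfail), parse_duration(disable))


def parse_config(text: str) -> List[Rule]:
    """Strip comments and blank lines, parse the rest."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            rules.append(parse_rule(line))
    return rules


def npf_rule_name(rule: Rule) -> str:
    """Name of the npf rule the daemon would create: 'blacklistd' or 'blacklistd-<iface>'."""
    return "blacklistd" if rule.interface is None else f"blacklistd-{rule.interface}"


def match_rule(rules: List[Rule], port: str, protocol: str,
               interface: Optional[str] = None, address: Optional[str] = None) -> Optional[Rule]:
    """Return the most specific rule for a failure reported on port/protocol via interface/address.

    Specificity counts the non-wildcard qualifiers (protocol, interface, address) the rule pins down,
    so an interface- or address-bound rule beats the catch-all. This ranking is the example's choice.
    """
    best, best_score = None, -1
    for r in rules:
        if r.port != port:
            continue
        if r.protocol != "*" and r.protocol != protocol:
            continue
        if r.interface is not None and r.interface != interface:
            continue
        if r.address is not None and r.address != address:
            continue
        score = (r.protocol != "*") + (r.interface is not None) + (r.address is not None)
        if score > best_score:
            best, best_score = r, score
    return best


# Constructed sample config: the two quoted lines, the proposed interface lines,
# and one address:port line (192.0.2.5 is a documentation address standing in for a.b.c.e).
SAMPLE_CONF = """\
# Port type protocol owner nfail disable
ssh stream tcp * 6 60m
ssh stream tcp6 * 6 60m
# proposed interface column: external interface blocks, internal never does
ssh stream tcp6 bge0 * 6 60m
ssh stream tcp6 sk0 * * *
# proposed address:port form: anoncvs sshd on its own address gets a stricter policy
192.0.2.5:ssh stream tcp * 3 24h
"""

if __name__ == "__main__":
    for r in parse_config(SAMPLE_CONF):
        print(npf_rule_name(r), r)
```

Given the two ssh rules from the quoted message plus the proposed interface and address forms, `match_rule` returns the internal-interface rule (never block) for a failure seen on `sk0`, the address-specific rule (3 failures, 24h) for the anoncvs address, and the plain six-field rule for everything else; the rule name shows which npf rule the daemon would have to create for each.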
