On 18.01.2015 at 12:31, bycn82 wrote:
/Hi,/

/I just implemented a feature which can work nicely with your sshlockout./
/You can manually insert a state as below and the state will be maintained by ipfw itself./

/ipfw state add rulenum 100 udp 192.168.1.1:0 8.8.8.8:53 expiry +600/

/So you don't need to implement the logic to maintain the IP addresses or configure any crontab to remove them./

Cool!

I think I will extend sshlockout so that it runs arbitrary commands.

At the moment you run:

    sshlockout lockout

which would then be equal to:

    sshlockout "pfctl -tlockout -Tadd %s"

So it will work with ipfw:

    sshlockout "ipfw state add rulenum 100 udp 192.168.1.1:0 %s:53 expiry +600"

What do you think?

Regards,

  Michael


/Different states can have different expiry or "life time"./

/Any comment?/

/Regards,/
/Bill Yuan/

On 14 January 2015 at 02:25, Michael Neumann <[email protected]> wrote:


    commit ed17c1722f7702eb6422f73152c0091819a1900f
    Author: Michael Neumann <[email protected]>
    Date:   Tue Jan 13 13:04:29 2015 +0100

         sshlockout - use a PF table instead of IPFW

    Summary of changes:
      usr.sbin/sshlockout/sshlockout.8 | 27 +++++++++++-------
      usr.sbin/sshlockout/sshlockout.c | 59 +++++++++++++++++++++++++++-------------
      2 files changed, 57 insertions(+), 29 deletions(-)

    http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/ed17c1722f7702eb6422f73152c0091819a1900f


    --
    DragonFly BSD source repository

