| #
48e64ca1
|
| 12-Oct-2025 |
Jose Luis Duran <jlduran@FreeBSD.org> |
MFV: Import blocklist 2025-04-28 (8aa81bf)
Merge commit '70f30afd4e9af5a51ee324d97e4d8c5f2124ec15'
Breaking changes:
- Upstream commit 24932b6 ("blocklistd: log the conf file line number
with ba
MFV: Import blocklist 2025-04-28 (8aa81bf)
Merge commit '70f30afd4e9af5a51ee324d97e4d8c5f2124ec15'
Breaking changes:
- Upstream commit 24932b6 ("blocklistd: log the conf file line number
with bad protocol errors") breaks backward database compatibility.
An error will be displayed:
Key size mismatch 296 != 288
A new and compatible database, with the new name, will be created when the
service starts (committed separately).
- Upstream commit ddf6d71 ("implement BLOCKLIST_BAD_USER as a
"one-count" failure") introduced BLOCKLIST_BAD_USER with a one-count
failure mechanism. BLOCKLIST_AUTH_FAIL was implemented with a
two-count failure mechanism. Since we utilize BLOCKLIST_AUTH_FAIL, the
number of failed attempts now doubles towards the maximum limit
(nfails). This commit will be reverted separately.
Changes:
https://github.com/zoulasc/blocklist/compare/7093cd9...8aa81bf
Approved by: emaste (mentor)
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D52869
show more ...
|
| #
5f4c09dd
|
| 11-Oct-2022 |
Ed Maste <emaste@FreeBSD.org> |
Track upstream project rename in contrib/blocklistd
Upstream is now https://github.com/zoulasc/blocklist/. Rename the
contrib directory and update Makefiles to match, in advance of the next
vendor
Track upstream project rename in contrib/blocklistd
Upstream is now https://github.com/zoulasc/blocklist/. Rename the
contrib directory and update Makefiles to match, in advance of the next
vendor branch update.
Sponsored by: The FreeBSD Foundation
show more ...
|
| #
5de2cc52
|
| 23-May-2017 |
Kurt Lidl <lidl@FreeBSD.org> |
Extend libblacklist support with new action types
The original blacklist library supported two notification types:
- failed auth attempt, which incremented the failed login count
by one for the
Extend libblacklist support with new action types
The original blacklist library supported two notification types:
- failed auth attempt, which incremented the failed login count
by one for the remote address
- successful auth attempt, which reset the failed login count
to zero for that remote address
When the failed login count reached the limit in the configuration
file, the remote address would be blocked by a packet filter.
This patch implements a new notification type, "abusive behavior",
and accepts, but does not act on an additional type, "bad username".
It is envisioned that a system administrator will configure a small
list of "known bad usernames" that should be blocked immediately.
Reviewed by: emaste
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D10604
show more ...
|
| #
12017ca8
|
| 01-Jun-2016 |
Kurt Lidl <lidl@FreeBSD.org> |
Import NetBSD's blacklist source from vendor tree
This import includes The basic blacklist library and utility programs,
to add a system-wide packet filtering notification mechanism to
FreeBSD.
The
Import NetBSD's blacklist source from vendor tree
This import includes The basic blacklist library and utility programs,
to add a system-wide packet filtering notification mechanism to
FreeBSD.
The rational behind the daemon was given by Christos Zoulas in a
presentation at vBSDcon 2015: https://youtu.be/fuuf8G28mjs
Reviewed by: rpaulo
Approved by: rpaulo
Obtained from: NetBSD
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5912
show more ...
|