I've seen the patch already.
Thanks all involved for the super-fast response.
To answer your question...
On 20/11/2024 12:24, Stuart Henderson wrote:
> ...don't those tools already manage expiry? I haven't used blacklistd
> or fail2ban, but sshguard does, with increasing timeouts for repeat
> offenders, which seems a sensible way to do it.
I haven't used blacklistd, but I have used fail2ban.
It does have a 'recidive' filter, which can give repeat offenders a
longer time-out. However, this filter needs to be configured for each
fail2ban jail separately. So if I have jails for apache, sshd, postfix
and dovecot, I need to configure it 4 times (and actually more, because
there are multiple apache-jails).
And what's more, fail2ban is Python doing regular expressions over log
files, which is quite slow and resource consuming, so I'd like to move
away from fail2ban where I can.
And repeat offenders will often be added to a <block> table by PF's
overload function. And if it's not fail2ban who adds the address, it
won't recognize a repeat offender unless I write a new filter to teach
it how to (with new Python regular expressions).
Plus, to me it makes more sense to just reset the counter for repeat
offenders instead of adding longer and longer time-outs.
Anyway, the patch is here, so it's a matter of time before this feature
appears in FreeBSD.
I thank you all!
Have a good day, or evening, or whatever is valid in your timezone.
Rob
--
https://www.librobert.net/
https://www.ohreally.nl/category/nerd-stuff/
https://github.com/ohreally/
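As an added illustration (not code from this thread or from the FreeBSD patch), a PF overload rule of the kind Rob refers to, with a periodic pfctl expiry run; the table name, interface, ports, rate thresholds and cron schedule are assumptions:

```conf
# /etc/pf.conf (assumed fragment)
ext_if = "em0"                       # assumed external interface

# Persistent table so entries survive a ruleset reload.
table <bruteforce> persist

# Anything already in the table is dropped before any other rule.
block in quick on $ext_if from <bruteforce>

# Services the mail discusses (sshd, postfix, dovecot, apache).
# More than 10 new connections in 60 s from one source adds that
# source to <bruteforce> and flushes its existing states ("flush global").
pass in on $ext_if proto tcp to port { ssh, smtp, imaps, http, https } \
    flags S/SA keep state \
    (max-src-conn-rate 10/60, overload <bruteforce> flush global)

# /etc/crontab (assumed line): once an hour, drop table entries whose
# statistics were last cleared more than 86400 s (24 h) ago.
# "-T expire" keys off the per-entry "Cleared" timestamp, so an address
# the overload rule re-adds is only kept longer if that timestamp is
# refreshed; resetting it for repeat offenders is the behaviour the
# thread is about.
0 * * * * root /sbin/pfctl -t bruteforce -T expire 86400
```

Inspect the per-entry timestamps and counters with `pfctl -t bruteforce -T show -vv` to confirm when an address was last cleared before tuning the expiry interval.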