https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237151
Bug ID: 237151
Summary: blacklistd(8) doesn't respect IPv6 address pools
whitelisting
Product: Base System
Version: 11.2-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: b...@freebsd.org
Reporter: zarych...@plan-b.pwste.edu.pl
Blacklistd(8) is a great tool and can be easily adapted to limit ssh probes. It
supports whitelisting address pools what is quite a handy feature because users
from trusted networks are allowed to mistype their passwords without being
banned. This feature (whitelisting) doesn't work for IPv6 address pools.
The daemon accepts IPv6 whitelisting in /etc/blacklistd.conf, but doesn't
respect it.
In the example given bellow only first, IPv4 pool is whitelisted, IPv6 pool is
ignored.
# adr/mask:port type proto owner name nfail disable
[remote]
x.x.x.0/24:ssh * * * = * *
[2001:x:x::/48]:ssh * * * = * *
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
