History log of /freebsd-head/contrib/blacklist/bin/blacklistd.c
Revision Date Author Comments
8227969cfae001ab8d3696e49bf2bd5662255eb5 06-Nov-2019 emaste <emaste@FreeBSD.org> blacklist: update to NetBSD snapshot on 20191106

Cursory review: cem
MFC after: 3 months
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D22259
6150b2114e51d5f8f6bc23c7793503a536cbc25a 18-Mar-2019 lidl <lidl@FreeBSD.org> Fixup syslog() call that should have used logging function pointer

PR: 236614
Submitted by: Helge Oldach <freebsd@oldach.net>
ce5ee08751a19d755a9e6c802e0838d664f70bc0 23-May-2017 lidl <lidl@FreeBSD.org> Extend libblacklist support with new action types

The original blacklist library supported two notification types:
- failed auth attempt, which incremented the failed login count
by one for the remote address
- successful auth attempt, which reset the failed login count
to zero for that remote address

When the failed login count reached the limit in the configuration
file, the remote address would be blocked by a packet filter.

This patch implements a new notification type, "abusive behavior",
and accepts, but does not act on, an additional type, "bad username".
It is envisioned that a system administrator will configure a small
list of "known bad usernames" that should be blocked immediately.

Reviewed by: emaste
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D10604
159cf9fdcbf4edaafaa73b43b080e61ff19e01a3 04-May-2017 lidl <lidl@FreeBSD.org> Merge latest version of blacklist sources from NetBSD (@ 20170503)

MFC after: 3 days
Sponsored by: The FreeBSD Foundation
ae9b952c708b3baad526b6da4f6608431e97755f 23-Feb-2017 lidl <lidl@FreeBSD.org> Reset failed login count to zero when removing a blocked address

The blacklistd daemon keeps records of failed login attempts for
each address:port that is flagged as a failed login. When a
successful login occurs for that address:port combination,
the record's last update time is set to zero, to indicate no current
failed login attempts.

Reset the failed login count to zero, so that at the next failed
login attempt, the counting will restart properly at zero. Without
this reset to zero, the first failed login after a successful login
will cause the address to be blocked immediately.

When debugging is turned on, output more information about database
state before and after the database updates have occurred.

A similar patch has already been upstreamed to NetBSD.

MFC after: 3 days
Sponsored by: The FreeBSD Foundation
fcf0811818e99230d6736447c554b84f7412e087 30-Sep-2016 lidl <lidl@FreeBSD.org> Fix blacklistd's state restoral at startup

The blacklistd daemon attempted to restore the filtering rules
before the database of blocked addresses was opened, so no rules
were being reloaded. Now the rules are properly recreated when the
daemon is started with '-r'.

This bug was fixed locally, and then sent upstream to NetBSD.
This changeset is the import of the NetBSD version of the change,
which added debugging output to alert about a null database.

Reviewed by: emaste
Obtained from: NetBSD
MFC after: 1 week
Sponsored by: The FreeBSD Foundation