[Bug 262590] [pf] Anchor "blacklistd/*" not correctly shown in pfctl -a \* -s rules

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 16 Mar 2022 12:22:50 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262590

            Bug ID: 262590
           Summary: [pf] Anchor "blacklistd/*" not correctly shown in
                    pfctl -a \* -s rules
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: matteo@FreeBSD.org
                CC: kp@freebsd.org

(This may be related to #252617)

Wildcards in anchor names do not seem to be correctly interpreted by pfctl.

Steps to reproduce:

1) Start blacklistd, even with the default /etc/blacklistd.conf
2) Enable blacklistd in sshd_config (UseBlacklist yes), and reload sshd
3) Add 'anchor "blacklistd/*"' as the first rule in your pf.conf
4) Reload the rules
5) Fake some wrong logins on ssh (e.g., ssh notauser@yourhost), to trigger the
blacklist

Now, if I run "pfctl -a blacklistd -sA", I get 
blacklistd/22

and if I run "pfctl -a blacklistd/22 -s rules", I get:

block drop in quick proto tcp from <port22> to any port = ssh

which is fine.

But if I run "pfctl -a 'blacklistd/*' -s rules", I get no output, which seems
weird.

Finally, if I run "pfctl -a '*' -s rules", I get:

anchor "*" all {
pfctl: DIOCGETRULES: Invalid argument
}
... other rules, none of which is about the blacklistd anchors.

So either I'm confused by how to see the rules for all anchors (under an
anchor, possibly), or the wildcard seems to be misinterpreted.

At this point I'm not even sure that the rules are loaded correctly, because I
cannot verify it with pfctl.
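The report's last point is the practical one: without a working wildcard, an administrator still needs a way to confirm that the blacklistd sub-anchors actually carry rules. The script below is an added example, not part of the bug report or of pfctl itself. It walks an anchor tree explicitly, using only the two invocations the reporter already shows to work (`pfctl -a NAME -sA` to list child anchors, printed as full paths such as `blacklistd/22`, and `pfctl -a NAME -s rules` to print a single anchor's rules), and counts the rule lines found. The `PFCTL` variable is an assumption added so the script can be pointed at a stand-in command; by default it runs the real pfctl.

```shell
#!/bin/sh
# Enumerate a pf anchor tree without the "*" wildcard: list children with
# "pfctl -a NAME -sA" and print each anchor's rules with "pfctl -a NAME -s rules".
# PFCTL is an assumption of this example (override it to test without pf).
PFCTL="${PFCTL:-pfctl}"

# list_subanchors NAME: print the child anchors of NAME, one full path per line,
# with pfctl's leading indentation stripped and blank lines dropped.
list_subanchors() {
    "$PFCTL" -a "$1" -sA 2>/dev/null | sed 's/^[[:space:]]*//; /^$/d'
}

# dump_anchor NAME: print a header and NAME's own rules, then recurse into
# every child anchor so nested anchors (blacklistd/22, ...) are covered.
dump_anchor() {
    printf '=== anchor "%s" ===\n' "$1"
    "$PFCTL" -a "$1" -s rules
    list_subanchors "$1" | while read -r child; do
        dump_anchor "$child"
    done
}

# count_rules NAME: number of rule lines in NAME and all of its descendants.
# 0 means the anchor tree is empty, i.e. nothing was loaded under it.
count_rules() {
    dump_anchor "$1" | grep -cv '^=== anchor'
}

# Usage: ./anchor-walk.sh blacklistd
if [ -n "${1:-}" ]; then
    dump_anchor "$1"
    printf 'total rules under "%s": %s\n' "$1" "$(count_rules "$1")"
fi
```

Run it against the top-level anchor (`./anchor-walk.sh blacklistd`) after triggering a block; a total of 0 means the anchor is attached but no rules were installed, which is the distinction the wildcard query was failing to make.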
