From: Doug Hardie
Date: Mon, 17 Apr 2023 13:38:35 -0700
To: questions@freebsd.org
Subject: Blacklistd Issues
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

I have been implementing blacklistd. It works fine with postfix and my web server. However, sshd is not working. I have enabled the UseBlacklistd configuration line. However, no amount of invalid id/passwords generates an entry in either blacklistd or pf. Running ktrace with invalid web requests on blacklistd shows that it obtains the endpoints properly and calls the helper to do the work. However, when sending invalid id/passwords via ssh, blacklistd does receive the proper packets from sshd and it obtains the endpoints, but just ends. It never calls the helper. I have the entry in blacklistd.conf for that port, and blacklistd has been restarted many times. Any ideas what I need to do to get blacklistd to record the calls? There is no table in pf for that port. However, it appears there needs to be at least one call to make the table appear.

-- Doug
