git: sshlockout - use a PF table instead of IPFW

Michael Neumann mneumann at ntecs.de
Mon Jan 19 01:51:50 PST 2015



On 18.01.2015 at 12:31, bycn82 wrote:
> Hi,
>
> I just implemented a feature which can work nicely with your sshlockout.
> You can manually insert a state as below and the state will be maintained
> by ipfw itself.
>
> ipfw state add rulenum 100 udp 192.168.1.1:0 8.8.8.8:53 expiry +600
>
> so you don't need to implement the logic to maintain the IP addresses or
> configure any crontab to remove..

Cool!

I think I will extend sshlockout so that it runs arbitrary commands.

At the moment you run:

     sshlockout lockout

which would then be equal to:

     sshlockout "pfctl -tlockout -Tadd %s"

So it will work with ipfw:

     sshlockout "ipfw state add rulenum 100 udp 192.168.1.1:0 %s:53 expiry +600"

What do you think?

Regards,

   Michael


>
> different state can have different expiry or "life time".
>
> any comment?
>
> Regards,
> Bill Yuan
>
> On 14 January 2015 at 02:25, Michael Neumann
> <mneumann at crater.dragonflybsd.org> wrote:
>
>
>     commit ed17c1722f7702eb6422f73152c0091819a1900f
>     Author: Michael Neumann <mneumann at ntecs.de>
>     Date:   Tue Jan 13 13:04:29 2015 +0100
>
>          sshlockout - use a PF table instead of IPFW
>
>     Summary of changes:
>       usr.sbin/sshlockout/sshlockout.8 | 27 +++++++++++-------
>       usr.sbin/sshlockout/sshlockout.c | 59 +++++++++++++++++++++++++++-------------
>       2 files changed, 57 insertions(+), 29 deletions(-)
>
>     http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/ed17c1722f7702eb6422f73152c0091819a1900f
>
>
>     --
>     DragonFly BSD source repository
>
>
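An added illustration, not code from sshlockout or from this thread: one way to expand the proposed `%s` command template so that only a complete IPv4/IPv6 literal is ever substituted and the template has exactly one slot. The names `build_lockout_cmd` and `is_ip_literal` are hypothetical, and the inputs in `main` are constructed samples.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Accept only a complete IPv4 or IPv6 literal (inet_pton rejects trailing text). */
static int is_ip_literal(const char *addr)
{
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, addr, buf) == 1 ||
           inet_pton(AF_INET6, addr, buf) == 1;
}

/*
 * Hypothetical helper: expand a template holding exactly one "%s" with addr.
 * Returns 0 on success, -1 if template or address is rejected or out is too small.
 */
int build_lockout_cmd(const char *tmpl, const char *addr,
                      char *out, size_t outlen)
{
    const char *slot = strstr(tmpl, "%s");
    const char *p;
    int n;

    if (slot == NULL || !is_ip_literal(addr))
        return -1;
    /* Exactly one slot: any other '%' in the template is rejected. */
    for (p = tmpl; *p != '\0'; p++)
        if (*p == '%' && p != slot)
            return -1;
    /* The template is copied as data; it is never used as a format string. */
    n = snprintf(out, outlen, "%.*s%s%s",
                 (int)(slot - tmpl), tmpl, addr, slot + 2);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char cmd[256];
    /* Constructed sample inputs. */
    if (build_lockout_cmd("pfctl -tlockout -Tadd %s", "192.0.2.7", cmd, sizeof(cmd)) == 0)
        puts(cmd);
    if (build_lockout_cmd("pfctl -tlockout -Tadd %s", "192.0.2.7 extra", cmd, sizeof(cmd)) != 0)
        puts("rejected: not an IP literal");
    return 0;
}
```

Passing the validated address as its own argv element to an exec-family call, rather than handing the expanded string to a shell, removes quoting concerns altogether.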


