<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(103,78,167)"><i>I recommend using this feature in ipfw because deleting IPs using crontab does not sound good to me.</i></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><span style="color:rgb(103,78,167)"><i><font face="verdana, sans-serif">Regards,</font></i><br></span></div><div><span style="color:rgb(103,78,167)"><i><font style="background-color:rgb(255,255,255)" face="verdana, sans-serif">Bill Yuan</font></i></span></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On 19 January 2015 at 17:51, Michael Neumann <span dir="ltr"><<a href="mailto:mneumann@ntecs.de" target="_blank">mneumann@ntecs.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
On 18.01.2015 at 12:31, bycn82 wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
/Hi,/<br>
/<br>
/<br>
/I just implemented a feature which can work nicely with your sshlockout. /<br>
/You can manually insert a state as below and the state will be maintained<br>
by ipfw itself./<br>
/<br>
/<br>
/ipfw state add rulenum 100 udp 192.168.1.1:0 8.8.8.8:53 expiry +600/<br>
/<br>
/<br>
/so you don't need to implement the logic to maintain the IP addresses or<br>
configure any crontab to remove../<br>
</blockquote>
<br>
Cool!<br>
<br>
I think I will extend sshlockout so that it runs arbitrary commands.<br>
<br>
At the moment you run:<br>
<br>
sshlockout lockout<br>
<br>
which would then be equal to:<br>
<br>
sshlockout "pfctl -tlockout -Tadd %s"<br>
<br>
So it will work with ipfw:<br>
<br>
sshlockout "ipfw state add rulenum 100 udp 192.168.1.1:0 %s:53 expiry +600"<br>
<br>
What do you think?<br>
<br>
Regards,<br>
<br>
Michael<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
/<br>
/<br>
/different states can have different expiry or "life time"./<br>
/<br>
/<br>
/any comment?/<br>
/<br>
/<br>
<br>
/Regards,/<br>
/Bill Yuan/<span class=""><br>
<br>
On 14 January 2015 at 02:25, Michael Neumann<br>
<<a href="mailto:mneumann@crater.dragonflybsd.org" target="_blank">mneumann@crater.dragonflybsd.org</a>> wrote:<br></span><span class="">
<br>
<br>
commit ed17c1722f7702eb6422f73152c0091819a1900f<br></span>
Author: Michael Neumann <<a href="mailto:mneumann@ntecs.de" target="_blank">mneumann@ntecs.de</a>><span class=""><br>
Date: Tue Jan 13 13:04:29 2015 +0100<br>
<br>
sshlockout - use a PF table instead of IPFW<br>
<br>
Summary of changes:<br>
usr.sbin/sshlockout/sshlockout.8 | 27 +++++++++++-------<br>
usr.sbin/sshlockout/sshlockout.c | 59 +++++++++++++++++++++++++++-------------<br>
2 files changed, 57 insertions(+), 29 deletions(-)<br>
<br>
<a href="http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/ed17c1722f7702eb6422f73152c0091819a1900f" target="_blank">http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/ed17c1722f7702eb6422f73152c0091819a1900f</a><br>
<br>
<br>
--<br>
DragonFly BSD source repository<br>
<br>
<br>
</span></blockquote>
</blockquote></div><br></div>
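<div>Added example, not part of the original thread or of sshlockout's source: the proposal quoted above substitutes an address parsed from log lines into a command template, so the address has to be validated before the expanded string is run. The C code below does that with inet_pton/inet_ntop; the helper name build_lockout_cmd and the sample addresses are assumptions made for illustration.</div>

```c
#include <sys/socket.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not taken from sshlockout.c: expand a template holding
 * exactly one "%s" with a validated IP address. Returns 0 on success, else -1. */
int build_lockout_cmd(const char *tmpl, const char *addr, char *out, size_t outlen)
{
	unsigned char bin[16];		/* large enough for an IPv6 address */
	char canon[INET6_ADDRSTRLEN];
	const char *slot, *p;
	int af, n;

	/* The address is parsed out of log lines, so it is untrusted:
	 * accept only a numeric IPv4 or IPv6 address. */
	if (inet_pton(AF_INET, addr, bin) == 1)
		af = AF_INET;
	else if (inet_pton(AF_INET6, addr, bin) == 1)
		af = AF_INET6;
	else
		return -1;
	/* Re-render from binary: output holds only hex digits, '.' and ':'. */
	if (inet_ntop(af, bin, canon, sizeof(canon)) == NULL)
		return -1;

	/* Exactly one "%s", and no other '%' anywhere in the template. */
	if ((slot = strstr(tmpl, "%s")) == NULL)
		return -1;
	for (p = tmpl; (p = strchr(p, '%')) != NULL; p++)
		if (p != slot)
			return -1;

	n = snprintf(out, outlen, "%.*s%s%s", (int)(slot - tmpl), tmpl, canon, slot + 2);
	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;	/* never run a truncated command */
}

int main(void)
{
	/* Constructed inputs; the template is the one quoted in the thread. */
	const char *addrs[] = { "192.0.2.7", "192.0.2.7; reboot" };
	char cmd[256];

	for (int i = 0; i < 2; i++) {
		int ok = build_lockout_cmd("pfctl -tlockout -Tadd %s", addrs[i], cmd, sizeof(cmd)) == 0;
		printf("%s: %s\n", ok ? "run" : "reject", ok ? cmd : addrs[i]);
	}
	return 0;
}
```

<div>Splitting the expanded string into an argument vector and calling execvp directly, rather than passing it to a shell, removes the remaining dependence on shell quoting in the template itself.</div>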