git: sshlockout - use a PF table instead of IPFW
bycn82
bycn82 at gmail.com
Tue Jan 20 06:52:39 PST 2015
*I recommend to use this feature in ipfw is because delete ip using
crontab sounds not good for me.*
*Regards,*
*Bill Yuan*
On 19 January 2015 at 17:51, Michael Neumann <mneumann at ntecs.de> wrote:
>
>
> Am 18.01.2015 um 12:31 schrieb bycn82:
>
>> /Hi,/
>> /
>> /
>> /I just implemented a feature which can work nicely with your sshlockout.
>> /
>> /You can manually insert a state as below and the state will be maintain
>> by ipfw itself./
>> /
>> /
>> /ipfw state add rulenum 100 udp 192.168.1.1:0 <http://192.168.1.1:0>
>> 8.8.8.8:53 <http://8.8.8.8:53> expiry +600/
>> /
>> /
>> /so you dont need to implement the logic to maintain the IP addresses or
>> configure any crontab to remove../
>>
>
> Cool!
>
> I think I will extend sshlockout so that it runs arbitrary commands.
>
> At the moment you run:
>
> sshlockout lockout
>
> which would then be equal to:
>
> sshlockout "pfctl -tlockout -Tadd %s"
>
> So it will works with ipfw:
>
> sshlockout "ipfw state add rulenum 100 udp 192.168.1.1:0 %s:53 expiry
> +600"
>
> What do you think?
>
> Regards,
>
> Michael
>
>
> /
>> /
>> /different state can have different expiry or "life time"./
>> /
>> /
>> /any comment?/
>> /
>> /
>>
>> /Regards,/
>> /Bill Yuan/
>>
>> On 14 January 2015 at 02:25, Michael Neumann
>> <mneumann at crater.dragonflybsd.org
>> <mailto:mneumann at crater.dragonflybsd.org>> wrote:
>>
>>
>> commit ed17c1722f7702eb6422f73152c0091819a1900f
>> Author: Michael Neumann <mneumann at ntecs.de <mailto:mneumann at ntecs.de
>> >>
>> Date: Tue Jan 13 13:04:29 2015 +0100
>>
>> sshlockout - use a PF table instead of IPFW
>>
>> Summary of changes:
>> usr.sbin/sshlockout/sshlockout.8 | 27 +++++++++++-------
>> usr.sbin/sshlockout/sshlockout.c | 59
>> +++++++++++++++++++++++++++-------------
>> 2 files changed, 57 insertions(+), 29 deletions(-)
>>
>> http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/
>> ed17c1722f7702eb6422f73152c0091819a1900f
>>
>>
>> --
>> DragonFly BSD source repository
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20150120/59563e19/attachment-0006.html>
More information about the Users
mailing list