git: sshlockout - use a PF table instead of IPFW

bycn82 bycn82 at gmail.com
Tue Jan 20 06:52:39 PST 2015


I recommend using this feature in ipfw because deleting IPs using
crontab does not sound good to me.

Regards,
Bill Yuan

On 19 January 2015 at 17:51, Michael Neumann <mneumann at ntecs.de> wrote:

>
>
> On 18.01.2015 at 12:31, bycn82 wrote:
>
>> Hi,
>>
>> I just implemented a feature which can work nicely with your sshlockout.
>>
>> You can manually insert a state as below and the state will be maintained
>> by ipfw itself.
>>
>>     ipfw state add rulenum 100 udp 192.168.1.1:0 8.8.8.8:53 expiry +600
>>
>> So you don't need to implement the logic to maintain the IP addresses or
>> configure any crontab to remove them.
>>
>
> Cool!
>
> I think I will extend sshlockout so that it runs arbitrary commands.
>
> At the moment you run:
>
>     sshlockout lockout
>
> which would then be equal to:
>
>     sshlockout "pfctl -tlockout -Tadd %s"
>
> So it will work with ipfw:
>
>     sshlockout "ipfw state add rulenum 100 udp 192.168.1.1:0 %s:53 expiry +600"
>
> What do you think?
>
> Regards,
>
>   Michael
>
>
>> Different states can have different expiry or "life time".
>>
>> Any comment?
>>
>> Regards,
>> Bill Yuan
>>
>> On 14 January 2015 at 02:25, Michael Neumann <mneumann at crater.dragonflybsd.org> wrote:
>>
>>
>>     commit ed17c1722f7702eb6422f73152c0091819a1900f
>>     Author: Michael Neumann <mneumann at ntecs.de>
>>     Date:   Tue Jan 13 13:04:29 2015 +0100
>>
>>          sshlockout - use a PF table instead of IPFW
>>
>>     Summary of changes:
>>       usr.sbin/sshlockout/sshlockout.8 | 27 +++++++++++-------
>>       usr.sbin/sshlockout/sshlockout.c | 59 +++++++++++++++++++++++++++-------------
>>       2 files changed, 57 insertions(+), 29 deletions(-)
>>
>>     http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/ed17c1722f7702eb6422f73152c0091819a1900f
>>
>>
>>     --
>>     DragonFly BSD source repository
>>
>>
>>
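
A command template with a `%s` placeholder, as proposed in this thread, is safest when the substituted address is checked to be a bare IP literal and the result is run as an argument vector rather than through a shell. The following is an added example, not code from sshlockout or from this thread; it assumes the address reaches the template from parsed log text, and `is_ip_literal`, `build_argv`, `MAX_ARGS` and the sample address are hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define MAX_ARGS 32   /* hypothetical limit, including the NULL terminator */

/* Accept only a bare IPv4/IPv6 literal: the address is parsed out of log text. */
static int is_ip_literal(const char *s)
{
    unsigned char bin[16];
    return inet_pton(AF_INET, s, bin) == 1 || inet_pton(AF_INET6, s, bin) == 1;
}

/* Split tmpl on blanks into argv[], replacing "%s" inside a word with addr.
 * Words are stored in buf. Returns argc, or -1 on bad input or overflow. */
static int build_argv(const char *tmpl, const char *addr,
                      char *buf, size_t buflen, char **argv)
{
    int argc = 0, n;
    size_t used = 0;

    if (!is_ip_literal(addr))
        return -1;
    while (*(tmpl += strspn(tmpl, " \t")) != '\0') {
        char word[256], *hole;
        size_t wlen = strcspn(tmpl, " \t");
        if (argc == MAX_ARGS - 1 || wlen >= sizeof(word))
            return -1;
        memcpy(word, tmpl, wlen);
        word[wlen] = '\0';
        tmpl += wlen;
        if ((hole = strstr(word, "%s")) != NULL) /* tmpl is never a format string */
            n = snprintf(buf + used, buflen - used, "%.*s%s%s",
                         (int)(hole - word), word, addr, hole + 2);
        else
            n = snprintf(buf + used, buflen - used, "%s", word);
        if (n < 0 || (size_t)n >= buflen - used)
            return -1;
        argv[argc++] = buf + used;
        used += (size_t)n + 1;
    }
    argv[argc] = NULL; /* ready for execvp(argv[0], argv) after fork(): no shell */
    return argc;
}

int main(void)
{
    char buf[512], *argv[MAX_ARGS];
    int i, argc = build_argv("pfctl -tlockout -Tadd %s", "203.0.113.7",
                             buf, sizeof(buf), argv); /* constructed address */
    for (i = 0; i < argc; i++) puts(argv[i]);
    return argc > 0 ? 0 : 1;
}
```
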