git: sshlockout - use a PF table instead of IPFW
Michael Neumann
mneumann at ntecs.de
Mon Jan 19 01:51:50 PST 2015
On 18.01.2015 at 12:31, bycn82 wrote:
> Hi,
>
> I just implemented a feature which can work nicely with your sshlockout.
> You can manually insert a state as below and the state will be maintained
> by ipfw itself.
>
> ipfw state add rulenum 100 udp 192.168.1.1:0 8.8.8.8:53 expiry +600
>
> So you don't need to implement the logic to maintain the IP addresses or
> configure any crontab to remove..
Cool!

I think I will extend sshlockout so that it runs arbitrary commands.
At the moment you run:

    sshlockout lockout

which would then be equal to:

    sshlockout "pfctl -tlockout -Tadd %s"

So it will work with ipfw:

    sshlockout "ipfw state add rulenum 100 udp 192.168.1.1:0 %s:53 expiry +600"

What do you think?

Regards,
Michael
>
> Different states can have different expiry or "life time".
>
> Any comments?
>
> Regards,
> Bill Yuan
>
> On 14 January 2015 at 02:25, Michael Neumann
> <mneumann at crater.dragonflybsd.org> wrote:
>
>
> commit ed17c1722f7702eb6422f73152c0091819a1900f
> Author: Michael Neumann <mneumann at ntecs.de>
> Date: Tue Jan 13 13:04:29 2015 +0100
>
> sshlockout - use a PF table instead of IPFW
>
> Summary of changes:
> usr.sbin/sshlockout/sshlockout.8 | 27 +++++++++++-------
> usr.sbin/sshlockout/sshlockout.c | 59 +++++++++++++++++++++++++++-------------
> 2 files changed, 57 insertions(+), 29 deletions(-)
>
> http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/ed17c1722f7702eb6422f73152c0091819a1900f
>
>
> --
> DragonFly BSD source repository
>
>
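
An added example, not part of the original message and not sshlockout's own code: one way to expand a command template such as the "pfctl -tlockout -Tadd %s" form proposed above, assuming the value substituted for %s is parsed from log text and therefore has to be a literal address before it reaches a command line. The names valid_addr and build_argv are hypothetical, and the address is a constructed sample.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#define MAX_ARGS 16

/* Hypothetical helper: accept only a literal IPv4 or IPv6 address. */
static int valid_addr(const char *s)
{
	unsigned char tmp[16];	/* large enough for an IPv6 address */
	return inet_pton(AF_INET, s, tmp) == 1 || inet_pton(AF_INET6, s, tmp) == 1;
}

/* Hypothetical helper: split tmpl on spaces into argv[] (words stored in buf),
 * expanding each "%s" to addr. Returns argc, or -1 on bad address or overflow. */
static int build_argv(const char *tmpl, const char *addr, char *buf, size_t len, char **argv)
{
	size_t n = 0, alen = strlen(addr);
	int argc = 0, inword = 0;
	if (!valid_addr(addr)) return -1;	/* reject before anything is copied */
	for (const char *p = tmpl; *p != '\0'; p++) {
		if (*p == ' ') {		/* word boundary: close the current argument */
			if (inword) { buf[n++] = '\0'; inword = 0; }
			continue;
		}
		if (!inword) {
			if (argc == MAX_ARGS) return -1;
			argv[argc++] = &buf[n];
			inword = 1;
		}
		const char *src = p;	/* one template byte, or the whole address */
		size_t k = 1;
		if (p[0] == '%' && p[1] == 's') { src = addr; k = alen; p++; }
		if (n + k >= len) return -1;	/* always leave room for the NUL */
		memcpy(&buf[n], src, k);
		n += k;
	}
	if (inword) buf[n] = '\0';
	argv[argc] = NULL;
	return argc;
}

int main(void)
{
	char buf[256], *argv[MAX_ARGS + 1];
	/* Constructed sample address; a caller would execvp(argv[0], argv), no shell. */
	int argc = build_argv("pfctl -tlockout -Tadd %s", "203.0.113.7", buf, sizeof(buf), argv);
	for (int i = 0; i < argc; i++) puts(argv[i]);
	return argc < 0;
}
```

Because the template is split into an argument vector and the address is checked with inet_pton() first, no shell ever interprets the substituted text.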