PF adding "log" to blacklistd anchor?

Hello,

I'm using blacklistd on my FreeBSD 13.x servers (ssh, submission) and I would like pf to log when a connection attempt hits the rule.
Currently I use:

Code:
anchor "blacklistd/*" in on $ext_if

I've tried to add "log" at different places in this statement, but got only "syntax error" from pfctl.

Any idea how I could achieve logging for pf rules added to the blacklistd anchor by blacklistd?
 
You should modify /usr/libexec/blacklistd-helper or better use your own helper script:

- echo "block in quick $proto from <port$6> to any $port" | \ + echo "block in log quick $proto from <port$6> to any $port" | \
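Review bot: `log` placed between the direction (`in`) and `quick` is the correct position in pf rule syntax, so this edited line will parse; the logged packets are only observable if the pflog interface is up (pflog_enable="YES" in rc.conf), which nothing in this change covers, so that requirement should be stated alongside it.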
 
"anchor" is a "collection of rules, tables and other anchors that has been assigned a name", not actually a rule.
That's why, as shurik points out, you need to add the "log" to whatever is adding rules to that anchor.
 
Thank you both. I do understand that an anchor is not a rule, but you can add some context-related elements to an anchor (like "in", "on $ext_if", etc.), so I was hoping there was a way to add "log" too.
Changing the helper is a "high maintenance" solution if I want to ensure my own helper stays in sync with the system-provided helper. But if it's the only available solution, I'll try :)
 
patpro, have you inserted UseBlacklist yes in /etc/ssh/ssh_config to activate Blacklistd in the SSH daemon?
I did, of course. Everything is properly set up, I just want to log hits for blacklistd-managed rules that are "inside" the anchor. And apparently the only way to do so is to implement the solution from shurik.
 
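One way to get the "log" rule without carrying a full private copy of the system helper, as an added example that is not code from this thread or from FreeBSD: a small wrapper helper that pre-loads the per-port rule with "log" into the anchor and then hands every action to the unmodified system helper. It assumes blacklistd is started with `-C` pointing at the wrapper (blacklistd_flags="-C /usr/local/libexec/blacklistd-helper-log" in rc.conf), that pflog_enable="YES" is set so logged packets reach pflog0, and that the system helper only creates its own rule when the anchor has no rule referencing `<port$6>` yet, so the wrapper's rule is kept and no duplicate is loaded. The helper argument order and the hypothetical 203.0.113.5 address in the comment are illustrative.

```shell
#!/bin/sh
# Wrapper helper for blacklistd(8): pre-creates the per-port pf rule with
# "log", then hands every action to the system helper unchanged.
# Assumptions (not from the thread): blacklistd is started with
#   blacklistd_flags="-C /usr/local/libexec/blacklistd-helper-log"
# in rc.conf, pflog_enable="YES" is set so logged packets reach pflog0,
# and the system helper creates its own rule only when the anchor has no
# rule referencing <port$6> yet (so no duplicate rule is loaded).
#
# blacklistd calls the helper as:
#   helper add|rem|flush rulename protocol address mask port id
# e.g. helper add blacklistd tcp 203.0.113.5 32 22 ssh   (constructed)

SYSTEM_HELPER=${SYSTEM_HELPER:-/usr/libexec/blacklistd-helper}
PFCTL=${PFCTL:-/sbin/pfctl}

# proto_clause: map blacklistd's protocol name to a pf "proto" clause;
# an unknown name yields an empty clause (the rule then matches any protocol).
proto_clause() {
    case "$1" in
        tcp|tcp6) printf 'proto tcp' ;;
        udp|udp6) printf 'proto udp' ;;
        *)        printf '' ;;
    esac
}

# pf_rule: rule text for one port, same shape as the helper's rule but
# with "log" between the direction and "quick".  $1 = protocol, $2 = port
pf_rule() {
    proto=$(proto_clause "$1")
    printf 'block in log quick %sfrom <port%s> to any port %s\n' \
        "${proto:+$proto }" "$2" "$2"
}

# anchor_has_rule: true if anchor $1 already has a rule using table <port$2>.
anchor_has_rule() {
    "$PFCTL" -a "$1" -sr 2>/dev/null | grep -q "<port$2>"
}

# ensure_logged_rule: load the logging rule into anchor $1 for protocol $2
# and port $3, unless a rule for that port is already present.
ensure_logged_rule() {
    anchor_has_rule "$1" "$3" && return 0
    pf_rule "$2" "$3" | "$PFCTL" -q -a "$1" -f -
}

# Dispatch: only runs when invoked by blacklistd with an action argument.
case "$1" in
    add)
        ensure_logged_rule "$2/$6" "$3" "$6"
        exec "$SYSTEM_HELPER" "$@"
        ;;
    rem|flush)
        exec "$SYSTEM_HELPER" "$@"
        ;;
esac
```

Once an address has been blocked, the hits show up with `tcpdump -n -e -ttt -i pflog0`; anchors that were already loaded with the old non-logging rule keep it until that anchor is flushed and recreated.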