Howdy folks
I've setup blacklistd in combination with PF.
blacklistd works as intended, i involuntarily tested that by locking myself out because i used the wrong key by accident.
But my /var/log/messages is filled with blacklistd messages that i don't know how to interpret:
Since I believe that I've one everything by the books
here's the relevant pf.conf part:
and here's my blacklistd config:
Any ideas where those messages come from?
I've setup blacklistd in combination with PF.
blacklistd works as intended, i involuntarily tested that by locking myself out because i used the wrong key by accident.
But my /var/log/messages is filled with blacklistd messages that i don't know how to interpret:
Code:
3960 Sep 23 16:30:08 beast blacklistd[2614]: message too short 144
3961 Sep 23 16:30:08 beast blacklistd[2614]: no message (No such file or directory)
3962 Sep 24 01:48:43 beast blacklistd[2614]: message too short 144
3963 Sep 24 01:48:43 beast blacklistd[2614]: no message (No such file or directory)
3964 Sep 24 03:50:55 beast blacklistd[2614]: message too short 144
3965 Sep 24 03:50:55 beast blacklistd[2614]: no message (No such file or directory)
Since I believe that I've one everything by the books
here's the relevant pf.conf part:
Code:
##############################
## ANCHOR
##############################
anchor "blacklistd/*" in on $ext_if
and here's my blacklistd config:
Code:
# $FreeBSD: releng/12.1/usr.sbin/blacklistd/blacklistd.conf 336977 2018-07-31 16:39:38Z brd $
#
# Blacklist rule
# adr/mask:port type proto owner name nfail disable
[local]
ssh stream * * * 3 24h
ftp stream * * * 3 24h
smtp stream * * * 3 24h
submission stream * * * 3 24h
#6161 stream tcp6 christos * 2 10m
* * * * * 3 60
# adr/mask:port type proto owner name nfail disable
[remote]
#129.168.0.0/16 * * * = * *
#6161 = = = =/24 = =
#* stream tcp * = = =
Any ideas where those messages come from?