IPFW Blacklistd-- changing the service alias

Hi all. Okay, so I'm sure that this probably goes somewhere else, but I can't think of the Official Name™ for the thing I'm trying to do. Apologies in advance to any mod who sees fit to relocate this thread accordingly.

Okay. So, I have a setup with IPFW and blacklistd that I like very much. However, I also like using a port other than 22 for SSH, so I generally choose an alternate port in the sshd configuration file. (Yes, yes, I know, security through obscurity and whatever, but it seems to keep some of the lower-level script kiddies at bay.) Here's the question:

I've got a line or two in my blacklist configuration file:

Code:
[local]
ssh        stream        *        *        *        4        24h
...

I want to make blacklistd continue to watch intrusions on sshd. I don't want to specify my alternate port directly in blacklistd, but I'm not sure if this is possible. What exactly does "ssh" mean in this file: does it map directly to port 22, or is it an indicator of the service itself, and if so, does it resolve to the alternate port automatically? If not, can I change it somewhere? If so, are there side-effects of doing this? Or, am I stuck with the notion of changing "ssh" to my alternate port directly? Lastly (though, maybe this should be firstly), do these lines only control what gets added to the firewall rules (i.e. does sshd report to blacklistd through other means) or are these lines used to additionally monitor those specific ports?

I have gone and looked at the man pages, and at the handbook-- I'm either blind, or what I'm looking isn't there. I'm sure that it's the former; if this is the case, enlightenment would be welcome.

Thanks!
 

create a new 'service' called ssh2 or something with the new port and see what happens
Ah see, this exactly the nudge I needed-- another case of simply not knowing the term I'm looking for, ha! "Service." (I realize I said it above, but I was speaking arbitrarily-- conventions are neato.) That should be enough for me to figure the rest out, thanks!
 
Back
Top