Hello,
I have enabled blacklistd(8) but the output of
blacklistctl dump -ad
is empty, even though there are plenty of ssh login attempts in the logs.
# ps aux | grep blacklistd
root 1251 0.0 0.0 14740 624 - Ss 12Jan17 0:13.99 /usr/sbin/blacklistd
Code:
# cat /etc/blacklistd.conf
# $FreeBSD: stable/11/etc/blacklistd.conf 301226 2016-06-02 19:06:04Z lidl $
#
# Blacklist rule
# adr/mask:port type proto owner name nfail disable
[local]
xn0:ssh stream * * * 3 24h
ftp stream * * * 3 24h
smtp stream * * * 3 24h
xn0:submission stream * * * 3 24h
#6161 stream tcp6 christos * 2 10m
* * * * * 3 60
# adr/mask:port type proto owner name nfail disable
[remote]
#129.168.0.0/16 * * * = * *
#6161 = = = =/24 = =
#* stream tcp * = = =
# blacklistctl dump -ad
address/ma:port id nfail last access
I expected that blacklistctl(8) should return a number of IP addresses which appear in /var/log/messages as sources of login attempts.
Would you please point out what I am missing?