Hi. A while ago, I started writing this little daemon which is
helping me to keep script kiddies and other unwanted guests off my
web server. Just wanted to share, hoping someone out there can put
it to good use as well.
-- Matthias
Index: infrastructure/db/user.list
===================================================================
RCS file: /cvs/ports/infrastructure/db/user.list,v
retrieving revision 1.373
diff -u -p -u -p -r1.373 user.list
--- infrastructure/db/user.list 20 Aug 2020 13:31:17 -0000 1.373
+++ infrastructure/db/user.list 31 Aug 2020 13:25:23 -0000
@@ -367,3 +367,4 @@ id user group port
856 _return _return telephony/resiprocate
857 _web2ldap _web2ldap sysutils/web2ldap
858 _purritobin _purritobin www/purritobin
+859 _pftbld _pftbld net/pftbld
Index: net/pftbld/Makefile
===================================================================
RCS file: net/pftbld/Makefile
diff -N net/pftbld/Makefile
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/pftbld/Makefile 31 Aug 2020 13:25:23 -0000
@@ -0,0 +1,27 @@
+# $OpenBSD$
+
+COMMENT = automate pf(4) table content management
+
+VERSION = 0.1.0
+DISTNAME = pftbld-${VERSION}
+CATEGORIES = net
+MAINTAINER = Matthias Pressfreund <pftbld@mpfr.net>
+
+HOMEPAGE = https://github.com/mpfr/pftbld/
+
+PERMIT_PACKAGE = Yes
+
+MASTER_SITES = https://mpfr.net/downloads/ \
+ ${HOMEPAGE}releases/download/v${VERSION}/
+
+WANTLIB += c pthread
+
+NO_TEST = Yes
+
+EXAMPLES_DIR = share/examples/pftbld
+
+post-install:
+ ${INSTALL_DATA_DIR} ${PREFIX}/${EXAMPLES_DIR}
+ ${INSTALL_DATA} ${FILESDIR}/pftbld.conf ${PREFIX}/${EXAMPLES_DIR}
+
+.include <bsd.port.mk>
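Review bot: with two MASTER_SITES (mpfr.net and the GitHub release download) but a single checksum in distinfo, the archive served from both locations must be byte-identical; a re-rolled release asset on GitHub would make the fallback site fail `make checksum` while the primary keeps working, so it is worth verifying both with `make fetch` after clearing the distfile. Note also that `${HOMEPAGE}releases/download/v${VERSION}/` points at an uploaded release asset, not the tag archive, so the GH_ACCOUNT/GH_PROJECT/GH_TAGNAME variables would not yield the same tarball here; keeping explicit MASTER_SITES is the right choice. The rest of the Makefile (WANTLIB, NO_TEST, the post-install copy of the example config into ${EXAMPLES_DIR}) looks fine.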
Index: net/pftbld/distinfo
===================================================================
RCS file: net/pftbld/distinfo
diff -N net/pftbld/distinfo
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/pftbld/distinfo 31 Aug 2020 13:25:23 -0000
@@ -0,0 +1,2 @@
+SHA256 (pftbld-0.1.0.tar.gz) = u8RovHxLIh0Odea3TVcFSq/dTdby/CrGcU25ae5l3o0=
+SIZE (pftbld-0.1.0.tar.gz) = 40372
Index: net/pftbld/files/pftbld.conf
===================================================================
RCS file: net/pftbld/files/pftbld.conf
diff -N net/pftbld/files/pftbld.conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/pftbld/files/pftbld.conf 31 Aug 2020 13:25:23 -0000
@@ -0,0 +1,34 @@
+#log "/var/log/pftbld.log"
+
+exclude {
+ localhosts
+# net "10.0.0/24"
+}
+
+drop 3w
+
+target "www" {
+ persist "/etc/pftbld/clientaddr-www.list"
+# exclude keyterms "/etc/pftbld/keyterms-www.list"
+
+ socket "/var/www/run/pftbld-www.sock" {
+ owner "www"
+ group "www"
+ }
+
+ cascade {
+ table "attackers"
+ hits 4
+ expire 1h
+
+ step {
+ hits 12
+ expire 6h
+ }
+ step {
+ expire 5d
+ no drop
+ kill nodes
+ }
+ }
+}
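Review bot: the `socket "/var/www/run/pftbld-www.sock"` block makes the socket owned by `www`/`www`, so every process running as that user inside the httpd chroot (all CGI/PHP workers, not just the intended client) can submit addresses and, subject only to the `exclude` block, drive them into the "attackers" table; that is presumably what the "www" target wants, but a comment saying so would help people who copy this file. Two smaller points: the commented `net "10.0.0/24"` uses an abbreviated prefix; unless the parser is documented to accept that form, `net "10.0.0.0/24"` is the unambiguous spelling. And `persist "/etc/pftbld/clientaddr-www.list"` assumes /etc/pftbld exists, yet nothing in the PLIST creates it, so the example should either say the administrator has to create that directory (with permissions that let the daemon write the persist file) or the package should ship it.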
Index: net/pftbld/pkg/DESCR
===================================================================
RCS file: net/pftbld/pkg/DESCR
diff -N net/pftbld/pkg/DESCR
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/pftbld/pkg/DESCR 31 Aug 2020 13:25:23 -0000
@@ -0,0 +1,8 @@
+The pftbld(8) program was primarily designed to automate the
+management of dynamic firewall blacklists. It listens on UNIX-domain
+sockets for incoming IP addresses, usually sent by client programs
+such as network services and applications, and makes them traverse
+pf(4) tables according to its configuration and the history of their
+occurrance. As pftbld(8) can persist managed addresses and meta-data,
+it is capable of restoring its runtime status and corresponding
+pf(4) tables through system reboots and migrations.
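Review bot: typo in the sixth line of DESCR: "occurrance" should be "occurrence" ("according to its configuration and the history of their occurrence"). The text is otherwise clear and within the usual width.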
Index: net/pftbld/pkg/PLIST
===================================================================
RCS file: net/pftbld/pkg/PLIST
diff -N net/pftbld/pkg/PLIST
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/pftbld/pkg/PLIST 31 Aug 2020 13:25:23 -0000
@@ -0,0 +1,11 @@
+@comment $OpenBSD: PLIST,v$
+@newgroup _pftbld:859
+@newuser _pftbld:859:_pftbld::pftbld unprivileged user:/var/empty:/sbin/nologin
+@rcscript ${RCDIR}/pftbld
+@man man/man5/pftbld.conf.5
+@man man/man8/pftblctl.8
+@man man/man8/pftbld.8
+@bin sbin/pftblctl
+@bin sbin/pftbld
+share/examples/pftbld/
+share/examples/pftbld/pftbld.conf
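Review bot: the first line should be the bare keyword, `@comment $OpenBSD$`, not `@comment $OpenBSD: PLIST,v$`; CVS fills in the file name and revision at commit time and the half-expanded form here will not be rewritten correctly. Separately, the package installs the example config only under share/examples/pftbld/ and never creates anything under ${SYSCONFDIR}, even though the example itself references /etc/pftbld/ for the persist and keyterms files. If pftbld(8) reads /etc/pftbld/pftbld.conf by default, adding `@sample ${SYSCONFDIR}/pftbld/` and `@sample ${SYSCONFDIR}/pftbld/pftbld.conf` after the examples entries would install a starting config on first install and create the directory the example expects; otherwise a short pkg/README explaining what to create by hand would do. The @newgroup/@newuser id 859 matches the user.list addition.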
Index: net/pftbld/pkg/pftbld.rc
===================================================================
RCS file: net/pftbld/pkg/pftbld.rc
diff -N net/pftbld/pkg/pftbld.rc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/pftbld/pkg/pftbld.rc 31 Aug 2020 13:25:23 -0000
@@ -0,0 +1,9 @@
+#!/bin/ksh
+#
+# $OpenBSD$
+
+daemon="${PREFIX}/sbin/pftbld"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1
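Review bot: `daemon="${PREFIX}/sbin/pftbld"` should be `daemon="${TRUEPREFIX}/sbin/pftbld"`; rc scripts installed via @rcscript are substituted with TRUEPREFIX (the final install prefix, normally /usr/local), whereas ${PREFIX} can expand to the fake-install destination during the build. If the daemon does not handle a reload signal, also consider adding `rc_reload=NO` so `rcctl reload pftbld` fails cleanly instead of sending SIGHUP.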