Wednesday, March 24, 2021

Re: blacklistd analogue

On 3/24/21 11:48 AM, Peter Nicolai Mathias Hansteen wrote:
>> 24. mar. 2021 kl. 19:33 skrev jeanpierre <jeanpierre@jeanpierredevilliers.xyz>:
>>
>> Does there exist an OpenBSD analogue for FreeBSD's blacklistd daemon?
>>
>> For the sake of completeness: blacklistd is a daemon that, using pf
>> anchors, blocks connections from abusive hosts to particular services
>> (e.g. sshd) until they start behaving themselves again.
>>
>> I find it very useful for trimming down log files.
> Not in the base system but you might want to take a peek at pf-badhosts (described among other places in this OpenBSD Journal article https://undeadly.org/cgi?action=article;sid=20210119113425) which should be fairly easy to adapt to using more or other sources such as the bsdly.net <http://bsdly.net/> feed maintained mainly by kind robots under supervision by yours truly (see https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html and links therein and in the proximity)
>
> Cheers,
> Peter
>
> —
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
>
>

I use Peter's "bruteforcers" list on my personal pf-badhost installs. pf-badhost will happily parse and ingest the IPv4 and IPv6 data in Peter's blocklists.

Just use the '-l' option to include an additional URL. Something like this should work to include his lists:

    $ pf-badhost -O openbsd -l 'https://www.bsdly.net/~peter/bruteforcers.txt'

I intend to include this among the default lists in the next release -- the only reason it wasn't included in v0.5 was because I discovered it too late.

Happy bot blocking!

Regards,

Jordan
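
Added example (not part of the original message and not pf-badhost's own code): a sanity check one could run over a third-party blocklist before loading it into a pf table, so that a malformed, overly broad, or self-blocking entry is caught first. It assumes the feed is one address or CIDR per line with `#` comments; `vet_blocklist`, `NEVER_BLOCK` and `MIN_PREFIX` are hypothetical names, and the sample data is constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample in the assumed format: one address or CIDR per line,
# '#' starts a comment. All addresses come from documentation ranges.
SAMPLE = """\
# constructed sample, not real feed data
192.0.2.10
198.51.100.0/24
2001:db8::1
0.0.0.0/0
203.0.113.7   # trailing comment
not-an-address
192.0.2.10
"""

# Hypothetical networks that must never be blocked (e.g. your admin hosts).
NEVER_BLOCK = [ipaddress.ip_network("203.0.113.0/28")]

# Reject prefixes broader than these; a single feed entry that wide is
# more likely a mistake or tampering than a list of brute-force hosts.
MIN_PREFIX = {4: 16, 6: 32}


def vet_blocklist(text, never_block=NEVER_BLOCK):
    """Return (accepted, rejected): sorted networks and (entry, reason) pairs."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an address or CIDR"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((entry, "prefix too broad"))
        elif any(net.version == k.version and net.overlaps(k) for k in never_block):
            rejected.append((entry, "overlaps a protected network"))
        else:
            accepted.add(net)  # the set drops duplicate entries
    return sorted(accepted, key=lambda n: (n.version, n)), rejected


if __name__ == "__main__":
    ok, bad = vet_blocklist(SAMPLE)
    print("\n".join(str(n) for n in ok))
    for entry, reason in bad:
        print(f"rejected {entry}: {reason}")
```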
