Friday, June 02, 2023

Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)

> set -x or something.
Sorry, I should have started with that.

test73# doas -u _pfbadhost pf-badhost -O openbsd
doas (root@test73.my.domain) password:
+ set -ef
+ _AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
+ _LOG=1
+ _STRICT=1
+ _RETRY=3
+ _IPV4=1
+ _IPV6=0
+ _AGGREGATE=0
+ _GEOBLOCK=0
+ _BOGON_4=0
+ _BOGON_6=0
+ _HAIL_MARY=0
+ _LOGIN_LIMIT=25
+ cat
+ << "__EOT"
+ _COUNTRY_CODES=# CN
# IR
# KP
+ cat
+ << "__EOT"
+ _ASN_LIST=# AS64496
+ cat
+ << "__EOT"
+ _BLOCKLISTS=### Local File Example
# file:/path/to/local/file

### Download popular IPv4 blocklists
https://www.binarydefense.com/banlist.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset
### Firehol level 3 can be a little aggressive.
### Ill leave it up to users to choose to enable.
# https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset

### Spamhause DROP lists (Dont Route Or Peer)
https://www.spamhaus.org/drop/drop.txt
https://www.spamhaus.org/drop/edrop.txt
https://www.spamhaus.org/drop/dropv6.txt

### Block Shodan
https://isc.sans.edu/api/threatlist/shodan/?text

### Block botnets + command and control servers
https://feodotracker.abuse.ch/downloads/ipblocklist.txt
https://sslbl.abuse.ch/blacklist/sslipblacklist.txt

### Optional lists -- uncomment to enable

### Block IPv4 Martians
# https://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt

### Ozgur Kazancci Community Block List
### This is a list of IPs that Ozgur has found
### to have been missed by the pf-badhost default lists
# https://ozgur.kazancci.com/ban-me.txt

### StopForumSpam.com Toxic IP Ranges
### Download Rate limited to 24/day, so disabled by default
# https://www.stopforumspam.com/downloads/toxic_ip_cidr.txt
# https://www.stopforumspam.com/downloads/listed_ip_1_ipv46.gz

### Blocklist.de - uncomment to enable

### Combined list of all blocklist.de lists
# https://lists.blocklist.de/lists/all.txt

### SSH attackers
# https://lists.blocklist.de/lists/22.txt
# https://lists.blocklist.de/lists/ssh.txt
# https://lists.blocklist.de/lists/bruteforcelogin.txt

### FTP attackers
# https://lists.blocklist.de/lists/21.txt
# https://lists.blocklist.de/lists/ftp.txt
# https://lists.blocklist.de/lists/proftpd.txt

### HTTP/Apache attackers
# https://lists.blocklist.de/lists/80.txt
# https://lists.blocklist.de/lists/443.txt
# https://lists.blocklist.de/lists/apache.txt

### SMTP/E-Mail Attackers
# https://lists.blocklist.de/lists/25.txt
# https://lists.blocklist.de/lists/110.txt
# https://lists.blocklist.de/lists/143.txt
# https://lists.blocklist.de/lists/993.txt
# https://lists.blocklist.de/lists/email.txt
# https://lists.blocklist.de/lists/mail.txt
# https://lists.blocklist.de/lists/imap.txt
# https://lists.blocklist.de/lists/courierimap.txt
# https://lists.blocklist.de/lists/courierpop3.txt
# https://lists.blocklist.de/lists/pop3.txt
# https://lists.blocklist.de/lists/postfix.txt

### VOIP/SIP Attackers
# https://lists.blocklist.de/lists/asterisk.txt
# https://lists.blocklist.de/lists/sip.txt

### IRC / Bots
# https://lists.blocklist.de/lists/ircbot.txt
# https://lists.blocklist.de/lists/bots.txt
+ cat
+ << "__EOT"
+ _USER_RULES=
### Examples: (uncomment to enable)
# !169.254.169.254
# !2001:19f0:ffff::1
# !255.255.255.255

# Multicast
# 224.0.0.0/3

### NAT64/DNS64 Discovery
# !192.0.0.170
# !192.0.0.171

### Carrier Grade NAT (RFC 6598) Address Space
# !100.64.0.0/10

### Unique Local IPv6
# !fc00::/7
+ _TOR_WHITELIST=0
+ _TOR_BLOCK_ALL=0
+ _TOR_BLOCK_EXIT=0
+ _RFC3330=1
+ _RFC5156=1
+ _WHITELIST=0
+ cat
+ << "__EOT"
+ _SUBNET_MERGE_PERL=#!/usr/bin/perl -lp0a
$_=join$\,sort map{1x(s/\d*./unpack B8,chr$&/ge>4?$&:32)&$_}@F;1while s/^(.*)
\1.*/$1/m||s/^(.*)0
\1.$/$1/m;s!^.*!(join'.',map{ord}split'',pack B32,$&).'/'.length$&!gme
+ command -v emulate
+ > /dev/null
+ 2>&1
+ command -v typeset
+ > /dev/null
+ 2>&1
+ main -O openbsd
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction
Illegal instruction (core dumped)
Illegal instruction (core dumped)
Illegal instruction (core dumped)
Illegal instruction (core dumped)

No blocklist changes...
Illegal instruction (core dumped)

pf-badhost:
IPv4 addresses in table: 0

test73#


On Thu, 1 Jun 2023 14:11:39 -0000 (UTC)
Stuart Henderson <stu.lists@spacehopper.org> wrote:

> On 2023-06-01, Radek <rdk@int.pl> wrote:
> > Hello Stuart,
> >
> >> What is the name of the core dump file?
> > Actually there isn't any .core file.
> > test73# find / -name '*.core'
> > test73#
>
> From your earlier mail:
>
> test73# doas -u _pfbadhost pf-badhost -O openbsd
> doas (root@test73.my.domain) password:
> Illegal instruction
> Illegal instruction
> Illegal instruction
> Illegal instruction
> Illegal instruction
> Illegal instruction
> Illegal instruction (core dumped)
> Illegal instruction (core dumped)
> Illegal instruction (core dumped)
> Illegal instruction (core dumped)
>
> So there should be one. Anyway, since you are the one seeing the problem,
> you'll need to figure out a way to work out which of the many possible
> programs is hitting this. Maybe add echos to the script, or run it with
> set -x or something.
>
> There's nothing more others can do without more information.
>


Radek
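
Added example (not part of the original messages, and not code from pf-badhost): the trace above ends at `main -O openbsd`, so it does not name the program that is failing. This script runs candidate command lines one at a time and reports the ones killed by SIGILL (exit status 132); the candidate list is an assumption the reader supplies, and `probe_one` and `find_sigill` are hypothetical names.

```shell
#!/bin/sh
# Added example: find which candidate commands die from SIGILL.
# Usage (candidates are constructed samples, not pf-badhost's real list):
#   sh probe.sh 'perl -e 1' 'awk "BEGIN{}"'

SIGILL_STATUS=132   # 128 + 4; SIGILL is signal number 4

# probe_one CMDLINE
# Prints one verdict word: ok, missing, SIGILL, signal-N or exit-N.
probe_one() {
    # Run in a child shell so a crash cannot take this script down.
    # All standard streams are detached so probes stay quiet.
    sh -c "$1" </dev/null >/dev/null 2>&1
    _st=$?
    case $_st in
        0)   echo ok ;;
        127) echo missing ;;                 # command not found
        "$SIGILL_STATUS") echo SIGILL ;;     # "Illegal instruction"
        *)   if [ "$_st" -gt 128 ]; then
                 echo "signal-$((_st - 128))"   # killed by another signal
             else
                 echo "exit-$_st"               # ordinary non-zero exit
             fi ;;
    esac
    return 0
}

# find_sigill CMDLINE...
# Prints each command line that was killed by SIGILL, one per line.
find_sigill() {
    for _cmd in "$@"; do
        if [ "$(probe_one "$_cmd")" = SIGILL ]; then
            echo "$_cmd"
        fi
    done
    return 0
}

# When run as a script with arguments, probe them.
if [ "$#" -gt 0 ]; then
    find_sigill "$@"
fi
```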
