Extend libblacklist support with new action types

Description

The original blacklist library supported two notification types:

  • failed auth attempt, which incremented the failed login count by one for the remote address
  • successful auth attempt, which reset the failed login count to zero for that remote address

When the failed login count reached the limit in the configuration
file, the remote address would be blocked by a packet filter.

This patch implements a new notification type, "abusive behavior",
and accepts, but does not act on, an additional type, "bad username".
It is envisioned that a system administrator will configure a small
list of "known bad usernames" that should be blocked immediately.

Reviewed by: emaste
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D10604
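
A model of the counting rules the commit message above describes, added here as an illustration; it is not code from the commit or from libblacklist. The enum names, the table layout and the treatment of "abusive behavior" as an immediate jump to the configured limit are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Model names only; these are not the library's identifiers. */
enum note { NOTE_AUTH_OK, NOTE_AUTH_FAIL, NOTE_ABUSIVE, NOTE_BAD_USER };
#define MAX_ADDRS 16
struct entry { char addr[64]; int count; };
struct table { struct entry e[MAX_ADDRS]; int n; int nfail; };

/* Find the entry for addr, creating it with a zero count if absent. */
static struct entry *lookup(struct table *t, const char *addr)
{
    for (int i = 0; i < t->n; i++)
        if (strcmp(t->e[i].addr, addr) == 0)
            return &t->e[i];
    if (t->n == MAX_ADDRS)
        return NULL;
    struct entry *e = &t->e[t->n++];
    snprintf(e->addr, sizeof(e->addr), "%s", addr);
    e->count = 0;
    return e;
}

/* Apply one notification. Returns 1 if the failed login count for addr
 * has reached the limit (the point at which the packet filter would block
 * it), 0 if not, -1 if the table is full. */
int notify(struct table *t, const char *addr, enum note what)
{
    struct entry *e = lookup(t, addr);
    if (e == NULL)
        return -1;
    switch (what) {
    case NOTE_AUTH_OK:   e->count = 0;        break; /* success resets */
    case NOTE_AUTH_FAIL: e->count++;          break; /* failure adds one */
    case NOTE_ABUSIVE:   e->count = t->nfail; break; /* assumption: straight to limit */
    case NOTE_BAD_USER:                       break; /* accepted, not acted on */
    }
    return e->count >= t->nfail;
}

int main(void)
{
    /* Constructed sample: limit of 3, documentation-range addresses. */
    struct table t = { .n = 0, .nfail = 3 };
    for (int i = 1; i <= 3; i++)
        printf("192.0.2.10 failure %d -> at limit: %d\n", i,
            notify(&t, "192.0.2.10", NOTE_AUTH_FAIL));
    printf("198.51.100.7 bad user -> at limit: %d\n",
        notify(&t, "198.51.100.7", NOTE_BAD_USER));
    printf("198.51.100.7 abusive -> at limit: %d\n",
        notify(&t, "198.51.100.7", NOTE_ABUSIVE));
    return 0;
}
```
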

Details

Committed
lidl, May 23 2017, 7:03 PM
Reviewer
emaste
Differential Revision
D10604: extend blacklist support with new action types
Parents
rS318754: Pass -N directly to ld via -Wl rather than passing it to the compiler driver.