On 3/24/21 11:48 AM, Peter Nicolai Mathias Hansteen wrote: >> 24. mar. 2021 kl. 19:33 skrev jeanpierre >> <jeanpie...@jeanpierredevilliers.xyz>: >> >> Does there exist an OpenBSD analogue for FreeBSD's blacklistd daemon? >> >> For the sake of completeness: blacklistd is a daemon that, using pf >> anchors, blocks connections from abusive hosts to parctiular services >> (e.g. sshd) until they start behaving themselves again. >> >> I find it very useful for timming down log files. > Not in the base system but you might want to take a peek at pf-badhosts > (described among other places in this OpenBSD Journal article > https://undeadly.org/cgi?action=article;sid=20210119113425 > <https://undeadly.org/cgi?action=article;sid=20210119113425>) which should be > fairly easy to adapt to using more or other sources such as the bsdly.net > <http://bsdly.net/> feed maintained mainly by kind robots under supervision > by yours truly (see > https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html > <https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html> and > links therein and in the proximity) > > Cheers, > Peter > > — > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. > >
I use Peter's "bruteforcers" list on my personal pf-badhost installs. pf-badhost will happily parse and ingest the IPv4 and IPv6 data in Peter's blocklists. Just use the '-l' option to include an additional URL. Something like this should work to include his lists: $ pf-badhost -O openbsd -l 'https://www.bsdly.net/~peter/bruteforcers.txt' I intend to include this among the default lists in the next release -- the only reason it wasn't included in v0.5 was because I discovered it too late. Happy bot blocking! Regards, Jordan