Jeff Rizzo <[email protected]> writes:
> I've been meaning to sit down and figure out where I need to hook to
> various services to avail myself of blocklistd's assistance for a
> couple of years now, but with an increasingly limited amount of time
> to spend on peripheral tasks, I keep running into the issue where I
> get started and then almost immediately distracted by something else.
> So, has anyone written up any kind of "here's how I added blocklistd
> support to XYZ" documentation I might be able to crib from? I keep
> getting as far as reading the man pages and glancing at the NetBSD
> wiki, and they've gotten me this far, but I'm hoping to get a little
> farther this time. :) :) :)
I have also been meaning to understand blocklistd.
Not a writeup, but for pointers to code to steal:
See src/crypto/external/bsd/openssh/dist
read (and then steal) pfilter.c
egrep pfilter_notify *
Wonder why 1 is used with pfilter_notify instead of
BLOCKLIST_AUTH_FAIL. Realize it's probably because <blocklist.h> is
not included in pfilter.h, but that blocklist.h should be included, or
perhaps pfilter_notify_auth_fail should be defined and called instead,
or
Wonder why pfilter_notify is never called with 0==BLOCKLIST_AUTH_OK.
read the comment in sshd-session.c:
n.b. hosts_access(3) has logged and notified blocklistd
and feel befuddled, because hosts_access(3) does not document doing
anything with blocklist.
See src/lib/libwrap, and figure out that if tcpwrappers refuses the
connection, then a failure report is made, but that no success
report is ever made. Realize this makes sense, but that the libwrap
documentation and the comment in ssh makes this very confusing.
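As an added illustration of the pattern being discussed (this is my own example, not OpenSSH's pfilter.c and not NetBSD source), here is the shape a pfilter.c-style wrapper takes once the two points above are applied: the action is spelled with the symbolic constants from <blocklist.h> instead of a bare 1, and the service also reports BLOCKLIST_AUTH_OK after a successful login so blocklistd can clear the failure count for that address (the behaviour blocklist(3) documents for that action). The pfilter_* names follow the OpenSSH file but are my choice; the portable stand-in under the #else only exists so the file compiles where libblocklist is absent, and on NetBSD the real header is used and the object is linked with -lblocklist. The fd passed in must be the accepted connection's socket, not the listening socket, because libblocklist reads the peer address from it.

```c
/* Added example: a small blocklistd notification wrapper in the style of
 * OpenSSH's pfilter.c (not that file, and not NetBSD code). */
#include <stdio.h>

#ifdef __NetBSD__
#include <blocklist.h>              /* real libblocklist: link with -lblocklist */
#else
/* Portable stand-in so the example compiles elsewhere.  The constant
 * values match blocklist(3); this blocklist_r() only records the call. */
#define BLOCKLIST_AUTH_OK           0
#define BLOCKLIST_AUTH_FAIL         1
#define BLOCKLIST_ABUSIVE_BEHAVIOR  2
#define BLOCKLIST_BAD_USER          3
struct blocklist { int opened; };
static struct blocklist shim_handle;
static struct blocklist *blocklist_open(void)
{
    shim_handle.opened = 1;
    return &shim_handle;
}
static void blocklist_close(struct blocklist *bl) { bl->opened = 0; }
static int blocklist_r(struct blocklist *bl, int action, int fd, const char *msg)
{
    (void)action; (void)fd; (void)msg;
    return (bl != NULL && bl->opened) ? 0 : -1;   /* stand-in: never contacts a daemon */
}
#endif

static struct blocklist *blstate;   /* NULL until pfilter_init() succeeds */
static int last_action = -1;        /* last action handed to libblocklist, for logging/tests */

/* Call once at daemon start-up (after privilege separation setup, if any). */
void pfilter_init(void)
{
    if (blstate == NULL)
        blstate = blocklist_open();
    if (blstate == NULL)
        fprintf(stderr, "blocklist_open failed; continuing without blocklistd\n");
}

/* Send one report.  fd must be the accepted connection's socket, not the
 * listener, because libblocklist takes the peer address from it. */
static int pfilter_notify(int action, int fd, const char *msg)
{
    if (blstate == NULL)
        return -1;                  /* not initialised: a silent no-op, like pfilter.c */
    last_action = action;
    return blocklist_r(blstate, action, fd, msg);
}

/* One named entry point per outcome, instead of magic numbers at call sites. */
int pfilter_notify_auth_fail(int fd) { return pfilter_notify(BLOCKLIST_AUTH_FAIL, fd, "auth failure"); }
int pfilter_notify_auth_ok(int fd)   { return pfilter_notify(BLOCKLIST_AUTH_OK, fd, "auth ok"); }
int pfilter_notify_bad_user(int fd)  { return pfilter_notify(BLOCKLIST_BAD_USER, fd, "bad user"); }
int pfilter_notify_abuse(int fd)     { return pfilter_notify(BLOCKLIST_ABUSIVE_BEHAVIOR, fd, "abusive behaviour"); }

int pfilter_last_action(void) { return last_action; }

void pfilter_fini(void)
{
    if (blstate != NULL) {
        blocklist_close(blstate);
        blstate = NULL;
    }
}
```

In a service this is wired at exactly three places: pfilter_init() once at start-up, pfilter_notify_auth_fail() (or _bad_user) where the authentication code already logs a failure, and pfilter_notify_auth_ok() where it logs a success; pfilter_fini() at shutdown is optional, since blocklistd keeps its own state. Note that the libwrap refusal path discussed above only ever produces a failure report, so the success report has to come from the service's own authentication code.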