*I recommend to use this feature in ipfw is because delete ip using crontab sounds not good for me.*
*Regards,* *Bill Yuan* On 19 January 2015 at 17:51, Michael Neumann <[email protected]> wrote: > > > Am 18.01.2015 um 12:31 schrieb bycn82: > >> /Hi,/ >> / >> / >> /I just implemented a feature which can work nicely with your sshlockout. >> / >> /You can manually insert a state as below and the state will be maintain >> by ipfw itself./ >> / >> / >> /ipfw state add rulenum 100 udp 192.168.1.1:0 <http://192.168.1.1:0> >> 8.8.8.8:53 <http://8.8.8.8:53> expiry +600/ >> / >> / >> /so you dont need to implement the logic to maintain the IP addresses or >> configure any crontab to remove../ >> > > Cool! > > I think I will extend sshlockout so that it runs arbitrary commands. > > At the moment you run: > > sshlockout lockout > > which would then be equal to: > > sshlockout "pfctl -tlockout -Tadd %s" > > So it will works with ipfw: > > sshlockout "ipfw state add rulenum 100 udp 192.168.1.1:0 %s:53 expiry > +600" > > What do you think? > > Regards, > > Michael > > > / >> / >> /different state can have different expiry or "life time"./ >> / >> / >> /any comment?/ >> / >> / >> >> /Regards,/ >> /Bill Yuan/ >> >> On 14 January 2015 at 02:25, Michael Neumann >> <[email protected] >> <mailto:[email protected]>> wrote: >> >> >> commit ed17c1722f7702eb6422f73152c0091819a1900f >> Author: Michael Neumann <[email protected] <mailto:[email protected] >> >> >> Date: Tue Jan 13 13:04:29 2015 +0100 >> >> sshlockout - use a PF table instead of IPFW >> >> Summary of changes: >> usr.sbin/sshlockout/sshlockout.8 | 27 +++++++++++------- >> usr.sbin/sshlockout/sshlockout.c | 59 >> +++++++++++++++++++++++++++------------- >> 2 files changed, 57 insertions(+), 29 deletions(-) >> >> http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/ >> ed17c1722f7702eb6422f73152c0091819a1900f >> >> >> -- >> DragonFly BSD source repository >> >> >>
