From owner-freebsd-ports@freebsd.org  Tue Oct 17 13:16:42 2017
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 569CDE3A356
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Tue, 17 Oct 2017 13:16:42 +0000 (UTC)
 (envelope-from alexvpetrov@gmail.com)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 2EA656C8E0
 for <freebsd-ports@freebsd.org>; Tue, 17 Oct 2017 13:16:42 +0000 (UTC)
 (envelope-from alexvpetrov@gmail.com)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 2A9C6E3A354; Tue, 17 Oct 2017 13:16:42 +0000 (UTC)
Delivered-To: ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 28EFFE3A353
 for <ports@mailman.ysv.freebsd.org>; Tue, 17 Oct 2017 13:16:42 +0000 (UTC)
 (envelope-from alexvpetrov@gmail.com)
Received: from mail-lf0-x243.google.com (mail-lf0-x243.google.com
 [IPv6:2a00:1450:4010:c07::243])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9D2AF6C8DF
 for <ports@freebsd.org>; Tue, 17 Oct 2017 13:16:41 +0000 (UTC)
 (envelope-from alexvpetrov@gmail.com)
Received: by mail-lf0-x243.google.com with SMTP id a16so1968071lfk.0
 for <ports@freebsd.org>; Tue, 17 Oct 2017 06:16:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=subject:to:cc:references:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-language:content-transfer-encoding;
 bh=bDOHz78zaoN4Gz1I5PBWOCiDgnSIUCkBAkJLyQmf9g4=;
 b=W9W11eUfQ+YsMQ64EAjrIJlenn1PYVkQNLAH2vO1VcpgeFp7evryNPl+uxDg26vpfd
 HIcv46wYHo7xp9kd6nX/Sy1PlY9eA8rRKCILPuCG/agmJYBfnfhb3jCViCn4gIL5KO2F
 60R6lyDS9QUUpNKkgKPthWVWxbwNMUjobaUBTDkrtLFTjkzSh19jifipMsZJjTblQVTv
 LufXdnhn0IiVsRqyA9xFFDLTo7v09OG/ifH9WXJMoj5qR2+/wNLt5nypKNJlA0SNkqrC
 N6Qw730TELMp7y1Q12qrunBW8EMzLrHqVaEiE813ziJaqT6bIP7q3VwjRGO6YjeeYdVX
 aNzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:cc:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-language
 :content-transfer-encoding;
 bh=bDOHz78zaoN4Gz1I5PBWOCiDgnSIUCkBAkJLyQmf9g4=;
 b=IabZBmH0bkU+qOv7YwwJ3ihUES60jgG0r2GxJk4M2jLkCbRTz3kfHyKn/E15O+LQIO
 vQlipPxosjYEYyGB4RhRx0dPNxiqH3xmYDWzhmt9DmWMwOnUCLAcSSF69ovmG71HZBzp
 mB5iu5DaJBFzjm6A+ihSe2bUaluhIL+tNQq8I8w7Df4ljmadIbA+La3PE5qmbY/XbAFI
 b29VNoeOiHvXCL2gczNW6+++DPPUpRc4T/FTA0tFUa+fv01vIaBndXTkD6GyBfgEDHuV
 qwKZGNeF8dVHvaEMRHCNHW+MVRzHRD+I0daAwvf/SAt5hIsnCRsXSeWw1Ukv3kDbHX5g
 bmdg==
X-Gm-Message-State: AMCzsaWi/hb1YpElOzaxQtd6MqTldBRCNnoNjb+Ne4VHXw6bvtegXFSp
 PVW3dH4m1m1Y7D9WxoUEZ9LHft6A
X-Google-Smtp-Source: ABhQp+QSK2oHYHMXcUWfzwjQuBv1m89nZ2zOM/ggsV5sv6GG+gZKHt2x3/1ueGon9/lFpUzo+tsz6A==
X-Received: by 10.25.143.78 with SMTP id r75mr4137292lfd.85.1508246199437;
 Tue, 17 Oct 2017 06:16:39 -0700 (PDT)
Received: from alex.super (stone.g-service.ru. [84.22.141.217])
 by smtp.googlemail.com with ESMTPSA id p204sm1984214lfp.86.2017.10.17.06.16.37
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 17 Oct 2017 06:16:38 -0700 (PDT)
Subject: Re: FreeBSD Port: py27-fail2ban-0.10.1
To: Tommy Scheunemann <net@arrishq.net>
Cc: theis@gmx.at, ports@FreeBSD.org
References: <49fbc280-f598-6734-0bdb-dfd24de4fa56@gmail.com>
 <nycvar.OFS.7.76.1710171440310.1189@ybpnyubfg.zl.qbznva>
From: "Alex V. Petrov" <alexvpetrov@gmail.com>
Message-ID: <8aa48ea4-4740-539f-6bbe-0b95dba59b5c@gmail.com>
Date: Tue, 17 Oct 2017 20:16:37 +0700
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <nycvar.OFS.7.76.1710171440310.1189@ybpnyubfg.zl.qbznva>
Content-Type: text/plain; charset=utf-8
Content-Language: ru-RU
Content-Transfer-Encoding: 8bit
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Oct 2017 13:16:42 -0000

In the old version I did so.


17.10.2017 19:47, Tommy Scheunemann пишет:
> Hi,
> 
> a simple setup that does the job for me:
> 
> In /etc/pf.conf (bge0 is my external interface)
> 
> --- SNIP ---
> int_ext="bge0"
> ...
> table <blocked_hosts>
> ...
> block in quick on $int_ext from <badhosts> to any
> ...
> --- SNIP ---
> 
> And in ${PREFIX}/fail2ban/action.d defining a new "pf" action, e.g. pf.conf
> 
> --- SNIP ---
> [Definition]
> actionban = /usr/local/bin/drop_ban <ip>
> actionunban = /usr/local/bin/drop_unban <ip>
> actioncheck =
> actionstart =
> actionstop =
> 
> [Init]
> --- SNIP ---
> 
> And the "drop_ban" and "drop_unban" scripts:
> 
> for ban:
> 
> --- SNIP ---
> #!/bin/sh
> IP=$1
> /sbin/pfctl -t badhosts -T add $IP
> --- SNIP ---
> 
> for unban
> 
> --- SNIP ---
> #!/bin/sh
> IP=$1
> /sbin/pfctl -t badhosts -T del $IP
> --- SNIP ---
> 
> I'm using scripts instead of directly using actionban / actionunban to
> do some additional things like running a tcpdrop, having some better
> logging.
> 
> Once done with all this, you can use "action = pf" in your jail.conf file.
> 
> Apart this I'd highly recommend to put all this into some configuration
> system (Ansible, Puppet, Cfengine etc.).
> Updating the package / port will overwrite your local changes !
> 
> Have fun & good luck
> 
> On Tue, 17 Oct 2017, Alex V. Petrov wrote:
> 
>> Need a working sample for the new version of the port for pf.
>>
>> -----
>> Alex.
>> _______________________________________________
>> freebsd-ports@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
>> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"
>>
> 
> 

-- 
-----
Alex.