Date: Tue, 13 Oct 2015 14:54:56 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r399196 - head Message-ID: <201510131454.t9DEsucV055730@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Tue Oct 13 14:54:55 2015 New Revision: 399196 URL: https://svnweb.freebsd.org/changeset/ports/399196 Log: Document security/sshguard-ipfw 1.6.2 changes Modified: head/UPDATING Modified: head/UPDATING ============================================================================== --- head/UPDATING Tue Oct 13 14:28:00 2015 (r399195) +++ head/UPDATING Tue Oct 13 14:54:55 2015 (r399196) @@ -5,6 +5,25 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20151013: + AFFECTS: users of security/sshguard-ipfw + AUTHOR: feld@FreeBSD.org + + The sshguard update to 1.6.2 introduces a rewritten IPFW backend. The + previous approach was to insert individual block rules with a + predefined numbered range. This does not scale well and is not + flexible so the design was scrapped. The new approach utilizes IPFW + tables. The sshguard IPFW backend now inserts offenders into hardcoded + table 22. + + To continue blocking the attackers effectively you will need to add a + block rule like the following: + + ipfw add deny all from 'table(22)' to any + + The release announcement can be found here: + http://sourceforge.net/p/sshguard/mailman/message/34534861/ + 20151011: AFFECTS: users of emulators/qemu-sbruno, emulators/qemu-user-static AUTHOR: sbruno@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201510131454.t9DEsucV055730>