FreeBSD Doc/books_handbook — Turkish (tr_TR) @ Weblate: <prompt>#</prompt> <userinput>blacklistctl dump -b</userinput> address/ma:port id nfail last access 213.0.123.128/25:22 …

Translation

Content

Source string comment (itstool) path: sect2/screen

English

<prompt>#</prompt><userinput>blacklistctl dump -b</userinput>
address/ma:port idnfaillast access
213.0.123.128/25:22OK6/32019/06/08 14:30:19

Turkish (tr_TR)

0/1700

Needs editing

Context	English	Turkish (tr_TR)	State
	Remote rules are used to specify how blacklistd changes its behavior depending on the remote host currently being evaluated. Each field in a remote rule is the same as in a local rule. The only difference is in the way blacklistd is using them. To explain it, this example rule is used:
	[remote] 203.0.113.128/25 * * * =/25 = 48h
	The address field can be an IP address (either v4 or v6), a port or both. This allows setting special rules for a specific remote address range like in this example. The fields for type, protocol and owner are identically interpreted as in the local rule.
	The name fields is different though: the equal sign (<literal>=</literal>) in a remote rule tells blacklistd to use the value from the matching local rule. It means that the firewall rule entry is taken and the <systemitem class="netmask">/25</systemitem> prefix (a netmask of <systemitem class="netmask">255.255.255.128</systemitem>) is added. When a connection from that address range is blacklisted, the entire subnet is affected. A PF anchor name can also be used here, in which case blacklistd will add rules for this address block to the anchor of that name. The default table is used when a wildcard is specified.
	A custom number of failures in the <literal>nfail</literal> column can be defined for an address. This is useful for exceptions to a specific rule, to maybe allow someone a less strict application of rules or a bit more leniency in login tries. Blocking is disabled when an asterisk is used in this sixth field.
	Remote rules allow a stricter enforcement of limits on attempts to log in compared to attempts coming from a local network like an office.
	Blacklistd Client Configuration
	There are a few software packages in FreeBSD that can utilize blacklistd's functionality. The two most prominent ones are <citerefentry><refentrytitle>ftpd</refentrytitle><manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry> to block excessive connection attempts. To activate blacklistd in the SSH daemon, add the following line to <filename>/etc/ssh/sshd_config</filename>:
	UseBlacklist yes
	Restart sshd afterwards to make these changes take effect.
	Blacklisting for <citerefentry><refentrytitle>ftpd</refentrytitle><manvolnum>8</manvolnum></citerefentry> is enabled using <literal>-B</literal>, either in <filename>/etc/inetd.conf</filename> or as a flag in <filename>/etc/rc.conf</filename> like this:
	ftpd_flags="-B"
	That is all that is needed to make these programs talk to blacklistd.
	Blacklistd Management
	Blacklistd provides the user with a management utility called <citerefentry><refentrytitle>blacklistctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>. It displays blocked addresses and networks that are blacklisted by the rules defined in <citerefentry><refentrytitle>blacklistd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>. To see the list of currently blocked hosts, use <command>dump</command> combined with <option>-b</option> like this.
	<prompt>#</prompt> <userinput>blacklistctl dump -b</userinput> address/ma:port id nfail last access 213.0.123.128/25:22 OK 6/3 2019/06/08 14:30:19
	This example shows that there were 6 out of three permitted attempts on port 22 coming from the address range <systemitem class="netmask">213.0.123.128/25</systemitem>. There are more attempts listed than are allowed because SSH allows a client to try multiple logins on a single TCP connection. A connection that is currently going on is not stopped by blacklistd. The last connection attempt is listed in the <literal>last access</literal> column of the output.
	To see the remaining time that this host will be on the blacklist, add <option>-r</option> to the previous command.
	<prompt>#</prompt> <userinput>blacklistctl dump -br</userinput> address/ma:port id nfail remaining time 213.0.123.128/25:22 OK 6/3 36s
	In this example, there are 36s seconds left until this host will not be blocked any more.
	Removing Hosts from the Block List
	Sometimes it is necessary to remove a host from the block list before the remaining time expires. Unfortunately, there is no functionality in blacklistd to do that. However, it is possible to remove the address from the PF table using pfctl. For each blocked port, there is a child anchor inside the blacklistd anchor defined in <filename>/etc/pf.conf</filename>. For example, if there is a child anchor for blocking port 22 it is called <literal>blacklistd/22</literal>. There is a table inside that child anchor that contains the blocked addresses. This table is called port followed by the port number. In this example, it would be called <literal>port22</literal>. With that information at hand, it is now possible to use <citerefentry><refentrytitle>pfctl</refentrytitle><manvolnum>8</manvolnum></citerefentry> to display all addresses listed like this:
	<prompt>#</prompt> <userinput>pfctl -a <replaceable>blacklistd/22</replaceable> -t <replaceable>port22</replaceable> -T show</userinput> ... 213.0.123.128/25 ...
	After identifying the address to be unblocked from the list, the following command removes it from the list:
	<prompt>#</prompt> <userinput>pfctl -a <replaceable>blacklistd/22</replaceable> -t <replaceable>port22</replaceable> -T delete <replaceable>213.0.123.128/25</replaceable></userinput>
	The address is now removed from PF, but will still show up in the blacklistctl list, since it does not know about any changes made in PF. The entry in blacklistd's database will eventually expire and be removed from its output eventually. The entry will be added again if the host is matching one of the block rules in blacklistd again.
	Advanced Networking
	This chapter covers a number of advanced networking topics.
	The basics of gateways and routes.
	How to set up USB tethering.
	How to set up <trademark class="registered">IEEE</trademark> 802.11 and <trademark class="registered">Bluetooth</trademark> devices.

Loading…

No matching activity found.

Browse all component changes

Glossary

English	Turkish (tr_TR)
access	erişim,erişmek	FreeBSD Doc
administrative access	yönetici erişimi	FreeBSD Doc
broadcast address	yayın adresi	FreeBSD Doc
Discretionary Access Control (DAC)	İsteğe Bağlı Erişim Kontrolü	FreeBSD Doc
dump	dökmek	FreeBSD Doc
internal address	yerel adres	FreeBSD Doc
legacy port	eski bağlantı noktası	FreeBSD Doc
loopback address	geri döngü adresi	FreeBSD Doc
MAC address	MAC adresi	FreeBSD Doc
mandatory access control	zorunlu erişim denetimi	FreeBSD Doc
parallel port	paralel bağlantı noktası	FreeBSD Doc
port	port (bağlantı noktası)	FreeBSD Doc
privileged access	ayrıcalıklı erişim	FreeBSD Doc
serial port	seri bağlantı noktası	FreeBSD Doc
to port	bağlanmak	FreeBSD Doc
USB port	USB bağlantı noktası	FreeBSD Doc

Source information

Source string comment

(itstool) path: sect2/screen

Flags

ignore-same, no-wrap

Source string location

book.translate.xml:63963

String age

8 months ago

Source string age

a year ago

Translation file

books/tr_TR/handbook.po, string 10485