Bug 250931

Summary: net/asteriskXX + blacklistd
Product: Ports & Packages
Reporter: freebsd
Component: Individual Port(s)
Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Open
Severity: Affects Many People
CC: madpilot
Priority: ---
Version: Latest
Hardware: Any
OS: Any

Description freebsd 2020-11-07 19:58:32 UTC

Feature request. Sorry if bugs.freebsd.org is not a suitable place for this.

Can somebody add support for blacklistd to the port net/asteriskXX?
Comment 1 Guido Falsi freebsd_committer 2020-11-07 21:44:28 UTC

I'm the maintainer of the asterisk port.

I noticed this bug report by chance. Please put the origin of the port at the start of the object like "net/asterisk16", so the system can automatically assign them. This gives them a higher chance to be noticed.

Regarding your request, as far as I know there is no support for blacklistd in asterisk code. So this would be a feature request for the upstream.

I'm unable to develop such a feature myself, but if it was available in upstream code I'd have no problem adding to the port what is needed to make it work.
Comment 2 freebsd 2020-11-07 21:54:10 UTC
(In reply to Guido Falsi from comment #1)

Upstream is unlikely to add a feature that will be useful only for FreeBSD/NetBSD.

Somebody added this to mail/postfix via patch.
Comment 3 Guido Falsi freebsd_committer 2020-11-07 22:12:42 UTC
Yes, it can be added for sure, but it requires some developer to actually write the patch.

While I've sent some minor patches to asterisk I would not even know where to start with this and right now I can't dedicate enough time to this.

Personally I also don't need such a feature.

The whole point of open source is that anyone has the code available and can modify it for his own needs. So usually it's the user who needs the feature to actually develop it.

If a patch is provided I can add it to the port once I'm happy testing it, and can also try to help pushing it upstream.
Comment 4 freebsd 2020-11-07 22:17:40 UTC
(In reply to Guido Falsi from comment #3)
OK. Could you please leave this "bug" open for some time?
In case such a developer reads it.
Comment 5 Guido Falsi freebsd_committer 2020-11-07 22:44:06 UTC
(In reply to freebsd from comment #4)
Sure, no problem.
Comment 6 Guido Falsi freebsd_committer 2020-11-11 14:39:40 UTC
(In reply to freebsd from comment #4)

As a temporary solution to get functionality similar to what you're asking for I'd suggest you check out security/py-fail2ban.

It monitors log files and can react by adding firewall rules depending on what appears there.

I've used similar solutions (but with worse software) in the past with asterisk to detect repeated register attempts to brute force passwords and other similar attacks with success.
Comment 7 freebsd 2020-11-11 15:21:15 UTC
(In reply to Guido Falsi from comment #6)
Yes, I am currently using an old Perl script for that, but it allows some number of authentications before the block takes effect.