250931 – net/asteriskXX + blacklistd

Bug 250931 - net/asteriskXX + blacklistd

Summary: net/asteriskXX + blacklistd

Status:	Open

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	freebsd-ports-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-11-07 19:58 UTC by Alexey Koscheev
Modified:	2023-09-29 13:59 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexey Koscheev 2020-11-07 19:58:32 UTC

Hi!

Feature request. Sorry, if bugs.freebsd.org is not suitable place for this.

Can somebody add support of blacklistd to port net/asteriskXX?

Comment 1 Guido Falsi freebsd_committer

2020-11-07 21:44:28 UTC

Hi,

I'm the maintainer of the asterisk port.

I noticed this bug report by change. Please put the origin of the port at the start of the object like "net/asterisk16", so the system can automatically assign them. This gives them higher chance to be noticed.

Regarding your request, as far as I know there is no support for blacklistd in asterisk code. SO this would be a feature request for the upstream.

I'm unable to develop such a feature myself, but if it was available in upstream code I'd have no problem adding to the port what is needed to make it work.

Comment 2 Alexey Koscheev 2020-11-07 21:54:10 UTC

(In reply to Guido Falsi from comment #1)

Upstream unlikely will add feature that will useful only for freebsd/netbsd.

Somebody added this to mail/postfix via patch.

Comment 3 Guido Falsi freebsd_committer

2020-11-07 22:12:42 UTC

Yes, it can be added for sure, but it requires some developer to actually write the patch.

While I've sent some minor patches to asterisk I would not even know where to start with this and right now I can't dedicate enough time to this.

Personally I also don't need such a feature.

The whole point of open source is that anyone has the code available and can modify it for his own needs. So usually it's the user who needs the feature to actually develop it.

If a patch is provided I can add it to the port once I'm happy testing it, and can also try to help pushing it upstream.

Comment 4 Alexey Koscheev 2020-11-07 22:17:40 UTC

(In reply to Guido Falsi from comment #3)
Ok. Could you please leave this "bug" open for some time?
On case if such developer will read it.

Comment 5 Guido Falsi freebsd_committer

2020-11-07 22:44:06 UTC

(In reply to freebsd from comment #4)
Sure no problem.

Comment 6 Guido Falsi freebsd_committer

2020-11-11 14:39:40 UTC

(In reply to freebsd from comment #4)

As a temporary solution to get functionality similar to what you're asking for I'd suggest you check out security/py-fail2ban.

It monitors log files and can react adding firewall rules depending on what appears there.

I've used similar solutions (but with worse software) in the past with asterisk to detect repeated register attempts to brute force passwords and other similar attacks with success.

Comment 7 Alexey Koscheev 2020-11-11 15:21:15 UTC

(In reply to Guido Falsi from comment #6)
Yes, i am currently using old perl-script for that, but it allow some number authentications, before block take affect.