NetBSD Problem Report #54168

From neitzel@hackett.marshlabs.gaertner.de  Mon May  6 13:36:54 2019
Return-Path: <neitzel@hackett.marshlabs.gaertner.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 5CBFE7A158
	for <gnats-bugs@gnats.NetBSD.org>; Mon,  6 May 2019 13:36:54 +0000 (UTC)
Message-Id: <20190506133648.BC30F34947@marshlabs-mx.gaertner.de>
Date: Mon,  6 May 2019 15:36:48 +0200 (CEST)
From: neitzel@hackett.marshlabs.gaertner.de
Reply-To: neitzel@hackett.marshlabs.gaertner.de
To: gnats-bugs@NetBSD.org
Subject: Wrong IPv6 parsing in blacklistd.conf(5)
X-Send-Pr-Version: 3.95

>Number:         54168
>Category:       bin
>Synopsis:       blacklistd.conf requires dummy port wildcard with IPv6 networks
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon May 06 13:40:00 +0000 2019
>Originator:     Martin Neitzel
>Release:        NetBSD 7.2_STABLE 2019-05-05
>Organization:
	Gaertner Datensysteme, Marshlabs
>Environment:
System: NetBSD hackett.marshlabs.gaertner.de 7.2_STABLE NetBSD 7.2_STABLE (GENERIC) #10: Mon May 6 00:23:20 CEST 2019 neitzel@hackett.marshlabs.gaertner.de:/scratch/obj/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:

Specifying an IPv6 network without a port specification in the
blacklistd.conf(5) "[remote]" section elicits an error message
like

	blacklistd[706]: getnum: /etc/blacklistd.conf, 16: Bad number for service []

to be logged.  The same syntax works just fine for IPv4 networks
(and is part of the /usr/share/examples/blacklist/blacklistd.conf
file).


>How-To-Repeat:

Add a whitelisting entry such as

	[remote]
	[2a00:1030:100::]/48  *       *       *       *       *       *

to your blacklistd.conf,

	/etc/rc.d/blacklistd restart

and

	tail /var/log/messages

or whatever to see the complaint about the "bad service".

It is unclear whether such a configuration entry line is completely ignored
or in use nevertheless.  (It would be nice if blacklistctl(8) could reflect
the loaded ruleset.)

>Workaround:

Use a dummy wildcard port specification like this:

	[2a00:1030:100::]/48:*  *       *       *       *       *       *

>Fix:
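
Added example, not part of the original report and not NetBSD code: a shell/awk check that finds the entries described above, that is, bracketed IPv6 locations in the "[remote]" section with no port part, and prints each with the report's `:*` workaround appended. The function names and the sample file are constructed for illustration; the check assumes the behaviour reported here for NetBSD 7.2_STABLE.

```shell
#!/bin/sh
# Lint a blacklistd.conf for [remote] entries of the form "[v6addr]" or
# "[v6addr]/mask" without ":port", which this report says are rejected
# with "Bad number for service []".

lint_blacklistd_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # blank lines, comments
        $1 == "[local]" || $1 == "[remote]" { section = $1; next }
        # Bracketed address, optional /mask, and nothing after it.
        section == "[remote]" && $1 ~ /^\[[0-9A-Fa-f:.]+\](\/[0-9]+)?$/ {
            printf "%s:%d: %s -> %s:*\n", FILENAME, FNR, $1, $1
            bad = 1
        }
        END { exit (bad ? 1 : 0) }                 # 1 if anything was flagged
    ' "$1"
}

# Constructed sample: the failing line and the workaround line from the
# report, plus an IPv4 network that needs no port part.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample blacklistd.conf
[local]
ssh             stream  *       *       *       3       24h
[remote]
[2a00:1030:100::]/48  *       *       *       *       *       *
[2a00:1030:100::]/48:*  *       *       *       *       *       *
192.0.2.0/24    *       *       *       *       *       *
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
lint_blacklistd_conf "$sample" || echo "entries needing the ':*' workaround found"
rm -f "$sample"
```

Run `lint_blacklistd_conf /etc/blacklistd.conf` before restarting blacklistd; a non-zero exit status means at least one entry was flagged.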
