NetBSD Problem Report #54168
From neitzel@hackett.marshlabs.gaertner.de Mon May 6 13:36:54 2019
Return-Path: <neitzel@hackett.marshlabs.gaertner.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 5CBFE7A158
for <gnats-bugs@gnats.NetBSD.org>; Mon, 6 May 2019 13:36:54 +0000 (UTC)
Message-Id: <20190506133648.BC30F34947@marshlabs-mx.gaertner.de>
Date: Mon, 6 May 2019 15:36:48 +0200 (CEST)
From: neitzel@hackett.marshlabs.gaertner.de
Reply-To: neitzel@hackett.marshlabs.gaertner.de
To: gnats-bugs@NetBSD.org
Subject: Wrong IPv6 parsing in blacklistd.conf(5)
X-Send-Pr-Version: 3.95
>Number: 54168
>Category: bin
>Synopsis: blacklistd.conf requires dummy port wildcard with IPv6 networks
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon May 06 13:40:00 +0000 2019
>Originator: Martin Neitzel
>Release: NetBSD 7.2_STABLE 2019-05-05
>Organization:
Gaertner Datensysteme, Marshlabs
>Environment:
System: NetBSD hackett.marshlabs.gaertner.de 7.2_STABLE NetBSD 7.2_STABLE (GENERIC) #10: Mon May 6 00:23:20 CEST 2019 neitzel@hackett.marshlabs.gaertner.de:/scratch/obj/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
Specifying an IPv6 network without a port specification in the
blacklistd.conf(5) "[remote]" section elicits an error message
like
    blacklistd[706]: getnum: /etc/blacklistd.conf, 16: Bad number for service []
to be logged. The same syntax works just fine for IPv4 networks
(and is part of the /usr/share/examples/blacklist/blacklistd.conf
file).
>How-To-Repeat:
Add a whitelisting entry such as
    [remote]
    [2a00:1030:100::]/48 * * * * * *
to your blacklistd.conf,
    /etc/rc.d/blacklistd restart
and
    tail /var/log/messages
or whatever to see the complaint about the "bad service".
It is unclear whether such a configuration entry line is completely ignored
or in use nevertheless. (It would be nice if blacklistctl(8) could reflect
the loaded ruleset.)
>Workaround:
Use a dummy wildcard port specification like this:
    [2a00:1030:100::]/48:* * * * * * *
>Fix:
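
A lint for the entry form described in this report, added here as an example and not part of the original PR or of blacklistd: it flags bracketed IPv6 entries whose first field has no ":port" suffix and prints the workaround form for each. The function names and the sample entries are constructed for illustration, and the check relies only on the behaviour the report describes.

```shell
#!/bin/sh
# Lint blacklistd.conf for the entry form reported in PR 54168:
# a bracketed IPv6 address (optionally with /mask) whose first field
# carries no ":port" suffix, which the report says triggers
# "Bad number for service []".

# find_portless_v6 [FILE...]
# Reads the named files (or stdin) and prints, for each affected entry,
#   LINE_NUMBER <TAB> first field rewritten with the ":*" workaround
find_portless_v6() {
    awk '
        /^[ \t]*#/ { next }   # skip comment lines
        NF < 2     { next }   # skip blank lines and section headers
        # First field is exactly "[v6addr]" or "[v6addr]/mask".
        # The colon required inside the brackets keeps section
        # names such as [remote] from matching.
        $1 ~ /^\[[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*\](\/[0-9]+)?$/ {
            printf "%d\t%s:*\n", NR, $1
        }
    ' "$@"
}

# Constructed sample: the two IPv6 forms quoted in the report plus an
# IPv4 entry of the same shape (192.0.2.0/24 is a documentation range).
sample_conf() {
    cat <<'EOF'
[remote]
# constructed sample entries
192.0.2.0/24 * * * * * *
[2a00:1030:100::]/48 * * * * * *
[2a00:1030:100::]/48:* * * * * * *
EOF
}

# Stand-alone run over the sample; only line 4 is reported.
sample_conf | find_portless_v6
```

Run it as `find_portless_v6 /etc/blacklistd.conf` before restarting blacklistd; empty output means no entry of the reported form was found.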