Hi You are rightfully confused. It should definitely be available (I did not think of that obvious case). Maybe this is an ipv6 issue.
I'll see if I can find a solution. This local computer, was it connected using ipv4 or ipv6? / Ola Sent from a phone Den 10 jun 2016 01:39 skrev "Mitch Deoudes" <mi...@houseofpain.org>: > > > On 6/9/2016 5:36 PM, Ola Lundqvist wrote: > >> Hi Mitch >> >> I'm not fully sure whether the remote IP address is available through >> the socket. If it is, then we could probably fetch it in some way. >> >> A possible workaround would be to avoid banning 0.0.0.0. >> >> Patches are welcome. >> >> > I'm a bit confused... The current code doesn't fetch the remote IP at > all? (It's not clear to me that it's an IPv6 vs IP4 issue in my case. I > regularly get ssh hack attempts from IPv4 addresses. So I'm not sure where > the 0.0.0.0 is coming from.) If so, then how does blacklisting *ever* work? > > Hmm - looks like maybe that's true. I just checked my vnc log, and saw > the following after connecting from another machine on my local LAN. Looks > like all connections are reported as 0.0.0.0. I'm really surprised this > has gone unnoticed (judging by the low post rate on this bug) for so long... > > Thu Jun 9 19:20:46 2016 > Connections: accepted: 0.0.0.0::5432 > > I'm afraid a patch is beyond me, though. I've got a CS degree, but it's > about 3 decades old, so the amount of time it would take for me to sift > through the code to find the problem is likely very large. > > Meantime, I'm happy to script up a fail2ban jail, if the IP info is > available elsewhere. I've seen mention that iptables can be configured to > log such stuff, but haven't yet had the time to figure it out. Suggestions > welcome. > > mitch >
