Louis Wust <louisw...@fastmail.fm> writes:
> On Tue, Jul 7, 2015, at 06:42, Mart van de Wege wrote:
>> I have set up pam_shield to allow my IP; when I test it by generating
>> 5 bad logins (threshold is 5 per 10m), I see pam_shield print
>> 'allowing from <my ip>/255.255.255.255' in the logs; and yet after 5
>> login attempts it blocks my ip.
>
> This is due to a bug in the code which matches IP addresses. I
> investigated the cause and will file a bug report.
>
Ah nice.
> In the meantime, try using a hostname instead of an IP address. If the
> system you want to allow does not have a hostname, make one up and add
> it to /etc/hosts.
>
Thankfully at least two machines that *need* to be whitelisted do have a
stable rDNS mapping and can be added by name.
Unfortunately, for the rest I need a network match, so setting up
/etc/hosts for that is a bit impractical.
On the gripping hand, as long as I can reach the server from at least
one machine, I can always manually unblock.
Thanks for looking at it.
Mart
--
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86615tqygg....@gaheris.avalon.lan
