Does anyone have any working rules for bfd thats currently working
with pure-ftpd? the default rules are a bit outdated as well as the pattern files, the sshd side of it works as intended but my lods are still littered with:

the default rule seems to not pick anything up, i believe this is due to
not having the standard syslog daemon? and i dont think the rule will also DNS the target if it has a hostname instead of ip. So im curious if anyones wirrten up a new pattern file and new rules for pure-ftpd so that will pick it up and add them to the deny-hosts.rules in apf like ti does with sshd by default.


P.S yes i didnt edit out that ip as its been goin on for a good straight 2 weeks now, and ive sent numerous abuse reports to its domain.

Shouldn't matter I think. As long as local logs get logged to you're fine. Just change the logfile location in conf.bfd.


And even if it did resolve names it shouldn't. While it may appear convenient to you as log reader, resolving is really too costly especially if you have huge amounts of connections from different sources and what does a hostname reveal anyway?


If you can come up with some generic loglines I'm sure we could turn those into rules.


While sending reports is laudable a lot of ISPs archive complaints in their /dev/null mailbox (not that that should stop you from sending in any). Maybe add a static entry in your iptables rules for that offender or look into iptables modules like 'recent'.