tech-userlevel archive


Re: bl*cklist configuration, ssh only



On Thu, Jun 01, 2023 at 05:05:16PM +0100, Patrick Welche wrote:
> 
> What puzzles me is:
> 
> # blocklistctl dump -a | wc
>       53     218    2497
> 
> BUT:
> 
> # npfctl rule blocklistd list | wc
>        3      45     254
> 
> Only 3 hosts apparently being blocked by npf vs 53.


blocklistctl dumps the policy database.

npf doesn't implement that policy, but only specific
blocking rules. blocklistd adds npf rules when the
policy is violated (e.g. the 3rd login failure)
and removes rules when a timeout is reached.

Greetings,
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."

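The gap between the two counts discussed above, as an added example that is not part of the original message or of blocklistd itself: a shell function that splits a `blocklistctl dump -a` listing into all tracked entries and those whose failure count has reached the policy limit, the only ones for which an npf rule would be expected. The function name, the `count/limit` layout of the nfail column and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: every database entry printed by
# `blocklistctl dump -a` carries an nfail field of the form count/limit.

# Reads a dump listing on stdin and prints "<tracked> <at_limit>".
summarize_dump() {
    awk '
    {
        # Find the count/limit field wherever it sits on the line.
        # Addresses (192.0.2.10/32:22) and dates (2023/06/01) do not
        # match the anchored pattern, and neither does the header line.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[0-9]+\/[0-9]+$/) {
                split($i, f, "/")
                tracked++
                # Assumption: a non-positive limit means "never block".
                if (f[2] + 0 > 0 && f[1] + 0 >= f[2] + 0)
                    at_limit++
                break
            }
        }
    }
    END { printf "%d %d\n", tracked + 0, at_limit + 0 }
    '
}

# Constructed sample listing (documentation addresses, invented values).
sample_dump() {
    cat <<'EOF'
        address/ma:port	id	nfail	last access
  192.0.2.10/32:22		1/3	2023/06/01 16:58:02
  192.0.2.11/32:22	OK	3/3	2023/06/01 17:01:40
 198.51.100.7/32:22		2/3	2023/06/01 17:02:11
 203.0.113.5/32:22	OK	3/3	2023/06/01 17:03:59
 203.0.113.9/32:22		1/3	2023/06/01 17:04:30
EOF
}

# On a live system: blocklistctl dump -a | summarize_dump
sample_dump | summarize_dump
```

Entries below the limit are tracked in the database but have no packet filter rule yet, and rules already removed by a timeout also drop out of the npf listing.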
