Current-Users archive
Re: blacklistd is now available for current (comments?)
On Jul 12, 11:26am, reinoud%NetBSD.org@localhost (Reinoud Zandijk) wrote:
-- Subject: Re: blacklistd is now available for current (comments?)
| Hi Christos,
|
| Thanks for your blacklistd, it's so much more lightweight than the others I've
| seen in pkgsrc; really frees up my small NAS. I've installed the -current
| version as in tree.
Thanks.
| There are a few oddities though, and maybe you could enlighten me on those.
|
| First of all, your name is still in a custom rule in the default installed
| blacklistd.conf. I'd say just comment it out :)
I will comment it out... This was really an example file.
| More importantly, blacklistctl can only dump rules; it doesn't have commands
| for adding or removing rules manually. So when I had to manually allow a
| machine, my only option was to trunk the db file and restart blacklistd. I
| later learned that blacklistd also has a -f to do this, but it's a bit odd that
| there isn't say a `blacklistctl allow host port' that reverses a decision it
| made.
Yes, I have not had a chance to write more commands, and I am still thinking
about the security implications of allowing a command protocol through the
named pipe.
| `blacklistctl dump' without the '-a' doesn't show anything even when there are
| machines blacklisted with timeouts.
This is documented; by default it shows only the embryonic ones... Perhaps
it is not that useful.
christos