NetBSD-Users archive
Re: Configuring blacklistd
On Tue, May 22, 2018 at 08:06:19AM +0530, Mayuresh wrote:
> 1. Copied from examples to /etc/npf.conf and just modified interface name
> in ext_if to actual one on my system.

Further confirming: a filter was added using npfctl, and I checked that it was
functional.

> 2. In /etc/blacklist.conf I have just one entry (for testing):
>
> [local]
>
> [remote]
> ssh stream * * * 1 1h
>
>
> 3. In /etc/rc.conf I have
> blacklistd=YES
> npf=YES
>
> and both are started.
>
>
> 4. Watching "blacklistctl dump -da" or "npfctl list" which are showing
> nothing, though there are candidates in authlog.

I have observed that the modification timestamp of
/var/db/blacklistd.db keeps changing. So probably blacklistd is
identifying addresses to block. (?) Is it just failing to convey that to
npf?

> 5. Also curious, how do I confirm whether my ssh server is compatible with
> blacklistd (patched)? I am using the one from base of 8.0_RC1 amd64.
Mayuresh