blacklistd "-r" option to retain rules after reboot

To: netbsd-users <netbsd-users%netbsd.org@localhost>
Subject: blacklistd "-r" option to retain rules after reboot
From: Mayuresh <mayuresh%acm.org@localhost>
Date: Thu, 24 May 2018 21:46:58 +0530

I had to reboot my server for some reason. On reboot I find that npf state
is not retained, while blacklistd has retained the state.

man blacklistd says:

     -r      Re-read the firewall rules from the internal database, then
             remove and re-add them.  This helps for packet filters that don't
             retain state across reboots.

How to exercise this option? Is there a way to add it to rc.conf or does
it require editing /etc/rc.d/blacklistd?

BTW, shouldn't this be enabled by default on NetBSD?

Mayuresh

Follow-Ups:
- Re: blacklistd "-r" option to retain rules after reboot
  - From: Mayuresh

Prev by Date: Re: Blocking offending IPs : How many are too many to handle for npf?
Next by Date: Re: blacklistd "-r" option to retain rules after reboot
Previous by Thread: Blocking offending IPs : How many are too many to handle for npf?
Next by Thread: Re: blacklistd "-r" option to retain rules after reboot
Indexes:

Home | Main Index | Thread Index | Old Index