NetBSD-Users archive
Blacklistd configuration
Hello,
I have installed blacklistd on -10.0 and, although the daemon runs fine,
it doesn't block attacks. I have read several pages and I suppose I have
made a misconfiguration somewhere.
My configuration is very simple. I only have to block ssh. Thus, I have
written in /etc/blacklistd.conf:
[local]
# location      type    proto   owner   name    nfail   duration
wm2:ssh         *       *       *       *       3       6h
In /etc/npf.conf, I have added
group "wan" on $wan_if {
    ruleset "blacklistd"
    # ICMP
    pass in final family inet4 proto icmp all
    pass out final family inet4 proto icmp all
    ...
    # Default
    block final all
}
This configuration doesn't run as expected, as /var/log/authlog contains
a lot of aborted connections. But blacklistctl dump returns no blocked
address even though there are a lot of attempts from the same source.
I suppose something is missing between ssh and blacklistd. And I don't
understand how 'ruleset "blacklistd"' works. man npf.conf doesn't help.
Help will be welcome.
Regards,
JKB