NetBSD-Users archive
Re: Blacklistd configuration
BERTRAND Joël wrote:
> Martin Neitzel wrote:
>> Hi Joel,
>>
>>> I have installed blacklistd on -10.0 and, if the daemon runs fine, it
>>> doesn't block attacks. I have read several pages and I suppose I have
>>> made a misconfiguration somewhere.
>>>
>>> My configuration is very simple. I only have to block ssh. Thus, I have
>>> written in /etc/blacklistd.conf:
>>
>> Looks basically good to me, but two ideas to verify things:
>>
>> (1) It's blAcklistd* in up to NetBSD-9, but blOcklistd* from 10 on.
>
> I have in -10 blAcklistd and blOcklistd. Is blacklistd now unsupported?
> Man pages seem to be very similar.
>
>> (2) Make sure that wm2 is your outward interface and not, say,
>> pppoe (over wm2). You could also simply leave off the "wm2:" spec
>> in your config file.
>
> I'm sure that wm2 is my WAN interface.
>
>>> I suppose something is missing between ssh and blacklistd. And I don't
>>> understand how 'ruleset "blacklistd"' works. man npf.conf doesn't help.
>>
>> It's documented in blocklistd(8), see "-C" and:
>>
>> FILES
>> /libexec/blocklistd-helper Shell script invoked to interface with the
>> packet filter.
>
> I have checked /libexec/blacklistd-helper. But as blacklistctl dump
> doesn't return anything, I suppose something is broken before the call to
> /libexec/blacklistd-helper.
I have replaced all blacklist* with blocklist* and it runs better:
legendre# npfctl rule blocklistd list
block in final family inet4 proto tcp from 165.227.95.205/32 to any port 22 # id="1"
Thanks,
JKB
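As an added example (not from this thread or from NetBSD itself), a small POSIX sh audit script for the two problems the thread turns on: stale blacklist* names left in configuration files on a -10 system, a missing `ruleset "blocklistd"` in npf.conf, and a summary of what `npfctl rule blocklistd list` currently blocks. The file paths passed to it and the sample output are assumptions supplied by the caller; the parser expects the one-line rule format shown above.

```sh
#!/bin/sh
# Added example, not NetBSD code. Assumes the thread's resolution: on -10
# every component is named blocklist* (blocklistd, blocklistctl,
# /etc/blocklistd.conf, /libexec/blocklistd-helper, ruleset "blocklistd").

# Report lines in the given files that still use the pre-10 "blacklist"
# name (file:line:text). Returns 0 when none are found, 1 otherwise.
find_stale_names() {
    _stale=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        # -i catches mixed case such as blAcklistd; -n gives line numbers
        hits=$(grep -in 'blacklist' "$f") || continue
        printf '%s\n' "$hits" | sed "s|^|$f:|"
        _stale=1
    done
    return $_stale
}

# Succeed only if npf.conf declares the dynamic ruleset that
# /libexec/blocklistd-helper populates with "npfctl rule blocklistd add".
has_blocklistd_ruleset() {
    grep -q 'ruleset[[:space:]]*"blocklistd"' "$1"
}

# Read "npfctl rule blocklistd list" output on stdin and print one
# "source port" pair per blocking rule, sorted and deduplicated, so a
# host blocked under several rule ids shows up once.
summarise_blocks() {
    awk '$1 == "block" {
        src = ""; port = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "from") src = $(i + 1)
            if ($i == "port") port = $(i + 1)
        }
        if (src != "") print src, port
    }' | sort -u
}

# Typical use on a live host (needs root for npfctl):
#   find_stale_names /etc/rc.conf /etc/npf.conf /etc/blocklistd.conf
#   has_blocklistd_ruleset /etc/npf.conf && echo "ruleset present"
#   npfctl rule blocklistd list | summarise_blocks
```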