NetBSD-Users archive


Re: "add blocklistd support to service XYZ for dummies" or equivalent?



Jeff Rizzo <riz%tastylime.net@localhost> writes:

> I've been meaning to sit down and figure out where I need to hook to
> various services to avail myself of blocklistd's assistance for a
> couple of years now, but with an increasingly limited amount of time
> to spend on peripheral tasks, I keep running into the issue where I
> get started and then almost immediately distracted by something else.
> So, has anyone written up any kind of "here's how I added blocklistd
> support to XYZ" documentation I might be able to crib from? I keep
> getting as far as reading the man pages and glancing at the NetBSD
> wiki, and they've gotten me this far, but I'm hoping to get a little
> farther this time. :) :) :)

I have also been meaning to understand blocklistd.

Not a writeup, but for pointers to code to steal:

  See src/crypto/external/bsd/openssh/dist

  read (and then steal) pfilter.c

  egrep pfilter_notify *

  Wonder why 1 is used with pfilter_notify instead of
  BLOCKLIST_AUTH_FAIL.  Realize it's probably because <blocklist.h> is
  not included in pfilter.h, but that blocklist.h should be included, or
  perhaps pfilter_notify_auth_fail should be defined and called instead,
  or

  Wonder why pfilter_notify is never called with 0==BLOCKLIST_AUTH_OK.

  read the comment in sshd-session.c:
    n.b. hosts_access(3) has logged and notified blocklistd
  and feel befuddled, because hosts_access(3) does not document doing
  anything with blocklist.
    See src/lib/libwrap, and figure out that if tcpwrappers refuses the
    connection, then a failure report is made, but that no success
    report is ever made.  Realize this makes sense, but that the libwrap
    documentation and the comment in ssh make this very confusing
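
An added sketch of the pfilter.c-style hook the pointers above lead to, for a hypothetical daemon; it is not code from this message or from the NetBSD tree. The `svc_*` names and the "svc" tag are assumptions, and it assumes `blocklist_open()` and `blocklist_r()` as declared in NetBSD's `<blocklist.h>`. It reports by named constant rather than a bare 1, and off NetBSD it compiles with notification as a no-op.

```c
#include <stddef.h>
#include <syslog.h>

#if defined(__has_include)
# if __has_include(<blocklist.h>)
#  include <blocklist.h>   /* NetBSD libblocklist; link with -lblocklist */
#  define HAVE_BLOCKLIST 1
# endif
#endif

#ifndef HAVE_BLOCKLIST
/* Off NetBSD: the two values discussed in the message; notify is a no-op. */
enum { BLOCKLIST_AUTH_OK = 0, BLOCKLIST_AUTH_FAIL = 1 };
#endif

/* Hypothetical outcome type of the daemon being instrumented. */
enum svc_auth { SVC_AUTH_ACCEPTED, SVC_AUTH_REJECTED };

#ifdef HAVE_BLOCKLIST
static struct blocklist *svc_bl;   /* opened lazily, kept for process life */
#endif

/* Map the daemon's outcome to the named blocklist action. */
int svc_blocklist_action(enum svc_auth r)
{
    return r == SVC_AUTH_ACCEPTED ? BLOCKLIST_AUTH_OK : BLOCKLIST_AUTH_FAIL;
}

/* Report one authentication outcome for the peer connected on fd.
 * Returns the action reported, or -1 if blocklistd could not be told. */
int svc_pfilter_notify(enum svc_auth r, int fd)
{
    int action = svc_blocklist_action(r);
#ifdef HAVE_BLOCKLIST
    if (svc_bl == NULL && (svc_bl = blocklist_open()) == NULL) {
        syslog(LOG_ERR, "blocklist_open failed: %m");
        return -1;
    }
    /* fd must be the connected socket: the peer address is taken from it. */
    if (blocklist_r(svc_bl, action, fd, "svc") == -1)
        return -1;
#else
    (void)fd;
#endif
    return action;
}
```

Call `svc_pfilter_notify()` from the daemon's authentication path while the client socket is still open.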

