Current-Users archive


Re: blacklistd question



In article <Pine.NEB.4.64.1701090646110.2716%speedy.whooppee.com@localhost>,
Paul Goyette  <paul%whooppee.com@localhost> wrote:
>I was looking at the blacklistd (and related) man-pages, and I'm not 
>sure I understand how it works.  Perhaps someone can enlighten me.
>
>The man page references socket(s) on which blacklistd listens for 
>notifications, but it doesn't seem to indicate what programs are 
>(currently capable of) sending reports to the socket(s).  apropos(1) 
>doesn't seem to find any references from other man pages to provide 
>additional clues.
>
>The example in blacklistd.conf(5) seems to imply that sshd will send 
>notifications, but nothing in the sshd man page confirms this.  Also, 

I have not modified the man pages of any of the programs that I've made
aware of blacklistd.

>the example uses "*" for the connection type and protocol, but it seems 
>that "stream" and "tcp" would be better choices?  Is the use of "*" 
>simply a means of avoiding separate IPv4 and IPv6 rules?  (And if so, 
>shouldn't there be a separate parameter for address family?)

It does not matter. You can have separate v4 and v6 rules or you can
have the same rule take care of both.

christos


