Removing bl[ao]cklist entries?

To: "netbsd-users%netbsd.org@localhost" <netbsd-users%NetBSD.org@localhost>
Subject: Removing bl[ao]cklist entries?
From: Hauke Fath <hf%spg.tu-darmstadt.de@localhost>
Date: Tue, 29 Sep 2020 11:44:30 +0200

All,

we are protecting our mail server's smtp-auth logins with 
bl[ao]cklistd*. It just so happens that every once in a while, careless 
updates or configuration changes (don't ask) lead to legitimate 
connections being blocked.

In this case, there are two databases to fix: bl?cklistd's, and the 
packet filter's state table. If I just go and remove the relevant entry 
from the packet filter's (npf in this case) state table, I find myself 
in a game of whack-a-mole, because bl?cklistd appears to re-create 
entries corresponding to its database.

And bl?cklistctl(8), despite its name, does not allow for removing 
blocking entries.

What is the proper procedure here, short of flushing both the 
bl?cklistd database and all of the packet filter  entries?

Cheerio,
Hauke


* "blacklistd", since the machine in question runs netbsd-9

-- 
     The ASCII Ribbon Campaign                    Hauke Fath
()     No HTML/RTF in email            Institut für Nachrichtentechnik
/\     No Word docs in email                     TU Darmstadt
     Respect for open standards              Ruf +49-6151-16-21344

Follow-Ups:
- Re: Removing bl[ao]cklist entries?
  - From: Christos Zoulas

Prev by Date: Re: Drive ID changed
Next by Date: Installation woes, NetBSD 9.0
Previous by Thread: IPv6 network configuration
Next by Thread: Re: Removing bl[ao]cklist entries?
Indexes:

Home | Main Index | Thread Index | Old Index