NetBSD-Users archive


Re: blocklistd: How to keep my dynamic IP from getting blocked



On Wed, Mar 31, 2021 at 09:42:45AM -0700, Greg A. Woods wrote:
> > > (Let's keep aside why autossh manages to fail auth for now.)
> 
> Well, that is the very root of the problem, is it not?  :-)

It is. I tried identifying it a while back but could not figure out why
it happens. IIRC the client just turns silent sometimes midway through the
protocol.

> tune blocklistd's sensitivity so as to allow as many fat-finger failed
> authentications as you feel you might need

I went from a stringent 1 (failure) to 2 and then 3 and the frequency of
trouble went down, but it did not go away fully.

> That becomes more complicated if it's the remote (client) side that has
> the changing address and you don't already have a pre-determined way to
> do these updates and actions based on a remote trigger or some other
> kind of locally initiated monitoring.

I can arrange for a client side device to 'inform' the server when the IP
changes. When this happens, the server may whitelist it at npf level. But
if blocklistd later tries to block it, what exactly happens? Is it
something like I have to put the whitelisting at the end of the filter
list or something so that it will have higher precedence than blocklistd?

-- 
Mayuresh

