At Sat, 3 Apr 2021 11:45:59 +0530, Mayuresh <mayuresh%acm.org@localhost> wrote: Subject: Re: blocklistd: How to keep my dynamic IP from getting blocked > > Just looked at man blacklistd.conf > > I guess nfail=* (means never) is what I have to use? And this entry with > ip address would be in [remote], right? Yes, correct. The EXAMPLES section in blocklistd.conf(5) should hopefully make it more clear. > What is unclear is the precedence - when one spec says block it and > another one says don't, how does blocklistd resolve it? > > I do see this: > > Matching is done first by checking the local rules individually, in > the order of the most specific to the least specific. If a match is > found, then the remote rules are applied. The name, nfail, and > disable fields can be altered by the remote rule that matched. > > Does it mean [remote] simply overrides [local]? Yes, rules in the [remote] section should override anything in the [local] section, and in particular since the rule in the [remote] section can set a new "nfail" value, using "*" will mean "never block". -- Greg A. Woods <gwoods%acm.org@localhost> Kelowna, BC +1 250 762-7675 RoboHack <woods%robohack.ca@localhost> Planix, Inc. <woods%planix.com@localhost> Avoncote Farms <woods%avoncote.ca@localhost>
Attachment:
pgpux7RWDgzw7.pgp
Description: OpenPGP Digital Signature