NetBSD-Users archive


Re: Blocklistd + postfix



Martin Neitzel wrote:
Brook Milligan wrote:

BM>  Does it make sense that failed SMTP authentication should trigger
BM>  blocklistd events?

What irks me about blocklistd(8) is the lack of a way of correcting
such mishaps quickly.  blocklistctl(8) should not just have the
current "dump" sub-command to investigate the blocked entries;
having some "release/cleanup" facilities would be a real bonus.
Restoring access directly with npfctl (or whatever is used) doesn't
feel right to me.

Indeed! I built a small tool[0] that lets my friends unblock themselves/each other when they have an accident. What's bad with it is that it's unreliable as blocklistd keeps its own database and does not sync back changes from npf even as it maintains a rule id (did the rule go away? then reset counters!).

While we're wishing, I would propose a manual report sub-command as well for programs that can run a program on an event in some way--perhaps even a shell-script/cron-based logwatcher--so that they don't necessarily have to be patched to integrate. It would broaden the possibilities but perhaps there are security implications that I'm not thinking of.

A PAM module would probably be pretty simple to build as well (I have some experience there).

I have too many projects going on to nominate myself for patching any of this, however wishing is still free and those who don't ask don't get...

That turned into a bit of a sleepy stream of consciousness, apologies.

Staffan

[0] https://git.shangtai.net/staffan/unblacklist


