blocklistd.conf syntax

To: current-users%netbsd.org@localhost
Subject: blocklistd.conf syntax
From: Paul Goyette <paul%whooppee.com@localhost>
Date: Sun, 11 Jan 2026 11:23:34 -0800 (PST)

I am trying to get blocklistd started on my system (yeah, I know, I
should have done this years ago).

I set up /etc/npf.conf using /usr/share/examples/blocklist/npf.conf
as a guide:

	alg "icmp"
	set bpf.jit on;
	$ext_if1 = "rge0"
	group "bl1" on $ext_if1 {
		ruleset "blocklistd"
		pass final all
	}
	group default {
		pass final all
	}

Next step seems to be blocklistd.  The example file contains some
lines that start with what appear to be port names (slightly
reformatted to avoid line wrap)

	...
	[local]
	ssh             stream  *       *       *   3   6h
	ftp             stream  *       *       *   3   6h
	domain          *       *       named   *   3   12
	...

Yet the man page seems to indicate that port names should be
prefixed with a colon:

	The syntax for the location is:

                   [<address>|<interface>][/<mask>][:<port>]


And finally, how can I tell if blocklistd is working?


+---------------------+--------------------------+----------------------+
| Paul Goyette (.sig) | PGP Key fingerprint:     | E-mail addresses:    |
| (Retired)           | 1B11 1849 721C 56C8 F63A | paul%whooppee.com@localhost    |
| Software Developer  | 6E2E 05FD 15CE 9F2D 5102 | pgoyette%netbsd.org@localhost  |
| & Network Engineer  |                          | pgoyette99%gmail.com@localhost |
+---------------------+--------------------------+----------------------+

Prev by Date: Re: npf issue
Next by Date: Re: Files in DESTDIR but missing from flist
Previous by Thread: npf issue
Indexes:

Home | Main Index | Thread Index | Old Index