Current-Users archive
Re: blocklistd.conf syntax
Paul Goyette <paul%whooppee.com@localhost> writes:
> Next step seems to be blocklistd. The example file contains some
> lines that start with what appear to be port names (slightly
> reformatted to avoid line wrap)
>
> ...
> [local]
> ssh stream * * * 3 6h
> ftp stream * * * 3 6h
> domain * * named * 3 12
> ...
>
> Yet the man page seems to indicate that port names should be
> prefixed with a colon:

Despite the man page not listing it, you can use a port name (from
/etc/services surely) as the first column. At least on 9.

> And finally, how can I tell if blocklistd is working?

Look for lines like (with numbers instead of redaction variables)

  Jan 11 15:26:12 s1 blacklistd[443]: released a.b.c.d/24:22 after k seconds
  Jan 11 16:31:17 s1 blacklistd[443]: blocked e.f.g.h/24:22 for k seconds

and

  $ npfctl ruleset blacklistd list

(adapted for 10/11's spelling).
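
Added example, not part of the original mail: an sh/awk filter that tallies the "blocked" and "released" messages quoted above per address and port, and shows the last logged event for each. The log lines are constructed samples, the function names are hypothetical, and the field layout assumes the syslog format shown in the mail; both the blacklistd and blocklistd spellings are accepted.

```shell
#!/bin/sh
# Assumed message format (taken from the lines quoted in the mail):
#   <Mon> <day> <time> <host> blacklistd[pid]: blocked ADDR/MASK:PORT for N seconds
#   <Mon> <day> <time> <host> blacklistd[pid]: released ADDR/MASK:PORT after N seconds

# sample_log: constructed sample input (documentation addresses, two hosts).
sample_log() {
    cat <<'EOF'
Jan 11 09:26:12 s1 blacklistd[443]: blocked 192.0.2.10/32:22 for 21600 seconds
Jan 11 15:26:12 s1 blacklistd[443]: released 192.0.2.10/32:22 after 21600 seconds
Jan 11 16:31:17 s2 blocklistd[501]: blocked 198.51.100.7/32:22 for 21600 seconds
Jan 11 16:40:02 s2 sshd[912]: Connection closed by 198.51.100.7 port 50112
EOF
}

# blocklist_summary: read syslog lines on stdin and print, per target,
#   "<ADDR/MASK:PORT> blocked=<count> released=<count> state=<last event>"
# "state" is the last event seen in the log, not the live npf ruleset;
# confirm the live state with npfctl as described in the mail.
blocklist_summary() {
    awk '
    # $5 is the syslog tag, e.g. "blacklistd[443]:"; other daemons are skipped.
    $5 ~ /^bl(ack|ock)listd\[[0-9]+\]:$/ && ($6 == "blocked" || $6 == "released") {
        target = $7
        if (!(target in seen)) { seen[target] = 1; order[++n] = target }
        if ($6 == "blocked") { blocked[target]++;  state[target] = "blocked" }
        else                 { released[target]++; state[target] = "released" }
    }
    END {
        # Print targets in order of first appearance.
        for (i = 1; i <= n; i++) {
            t = order[i]
            printf "%s blocked=%d released=%d state=%s\n", \
                t, blocked[t], released[t], state[t]
        }
    }'
}

sample_log | blocklist_summary
```

No output at all from a real log means the daemon has not logged a block or release yet, which is the first thing to check when deciding whether it is working.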