bin/55492: Cannot remove blocked entries with blacklistctl / blocklistctl

[Hauke Fath <hf%spg.tu-darmstadt.de@localhost>]

>Number:         55492
>Category:       bin
>Synopsis:       Cannot remove blocked entries with blacklistctl / blocklistctl
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 15 09:45:00 +0000 2020
>Originator:     Hauke Fath
>Release:        NetBSD 9.0_STABLE
>Organization:
Technische Universitaet Darmstadt
>Environment:
	
	
System: NetBSD Gstoder 9.0_STABLE NetBSD 9.0_STABLE (GA-MA770-UD3-$Revision$) #1: Tue May 5 13:46:33 CEST 2020 hf@Hochstuhl:/var/obj/netbsd-builds/9/amd64/sys/arch/amd64/compile/GA-MA770-UD3 amd64
Architecture: x86_64
Machine: amd64
>Description:

	I am not aware of an easy way to manually remove / expire a
	blocking entry from the bl?cklist database. As of netbsd-9,
	the bl?cklistctl(8) man page does not mention the issue.

	Removing the dynamically created npf rule with

	npfctl rule blacklistd list
	npfctl rule blacklistd rem-id <id>

	(which bl?cklistctl(8) should probably document, too, given
	the sorry documentation state of npf(4)) will of course do
	nothing to bl?cklistd's database.

	
>How-To-Repeat:

	Notice that a legitimate client has been bl?cklisted, try to
	remove the block, find you cannot (short of drastic measures
	like deleting the entire bl?cklist database).

	
>Fix:

	Please add the necessary functionality to blocklistctl, and
	its man page.

	Needs a pull-up to netbsd-{8,9}.

	

>Unformatted: