NetBSD-Users archive


Re: Configuring blacklistd



On Tue, May 22, 2018 at 04:38:00PM +0530, Mayuresh wrote:
> On Tue, May 22, 2018 at 08:06:19AM +0530, Mayuresh wrote:
> > 1. Copied from examples to /etc/npf.conf and just modified interface name
> > in ext_if to actual one on my system.
> 
> Further confirm that using npfctl added a filter and checked that it was
> functional.
> 
> 
> > 2. In /etc/blacklist.conf I have just one entry (for testing):
> > 
> > [local]
> > 
> > [remote]
> > ssh     stream  *       *       *       1       1h
> > 
> > 
> > 3. In /etc/rc.conf I have
> > blacklistd=YES
> > npf=YES
> > 
> > and both are started.
> > 
> > 
> > 4. Watching "blacklistctl dump -da" or "npfctl list" which are showing
> > nothing, though there are candidates in authlog.
> 
> Have an observation that the modification timestamp of
> /var/db/blacklistd.db keeps changing. So probably blacklistd is
> identifying addresses to block. (?) Is it just failing to convey that to
> npf?
> 
> > 5. Also curious, how do I confirm whether my ssh server is compatible with
> > blacklistd (patched)? I am using the one from base of 8.0_RC1 amd64.

Confirmed this using fstat. sshd is seen binding with
/var/run/blacklistd.sock.

Not clear why blacklistd should not work.

Mayuresh
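
Added example, not part of the original message or of NetBSD's own code: a small Python parser for the /etc/blacklist.conf text quoted above, showing which section the single rule lands in and how its nfail and disable columns are read. The column names, the s/m/h/d duration suffixes and the "*" / "=" markers are assumptions taken from blacklistd.conf(5).

```python
import re

# Column names for a rule line, assumed from blacklistd.conf(5).
FIELDS = ("location", "type", "proto", "owner", "name", "nfail", "disable")
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}
WILD = ("*", "=")  # markers that carry no literal number (assumed)

# Constructed sample: the configuration quoted in the message above.
SAMPLE = """\
[local]

[remote]
ssh     stream  *       *       *       1       1h
"""

def parse_duration(text):
    """Return seconds for values like '1h' or '300'; None for a marker."""
    if text in WILD:
        return None
    m = re.fullmatch(r"(\d+)([smhd]?)", text)
    if not m:
        raise ValueError(f"bad duration: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def parse_blacklist_conf(text):
    """Parse the text into {'local': [...], 'remote': [...]} rule dicts."""
    rules = {"local": [], "remote": []}
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        if line in ("[local]", "[remote]"):
            section = line[1:-1]
            continue
        cols = line.split()
        if section is None or len(cols) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected a section header "
                             f"or {len(FIELDS)} columns, got {raw!r}")
        rule = dict(zip(FIELDS, cols))
        n = rule["nfail"]
        rule["nfail"] = None if n in WILD else int(n)
        rule["disable"] = parse_duration(rule["disable"])
        rules[section].append(rule)
    return rules

if __name__ == "__main__":
    for section, entries in parse_blacklist_conf(SAMPLE).items():
        print(section, entries)
```

Run against the quoted file, this reports an empty [local] list and one [remote] rule with nfail 1 and a disable time of 3600 seconds.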

