NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: blocklistd: How to keep my dynamic IP from getting blocked



At Sat, 3 Apr 2021 11:45:59 +0530, Mayuresh <mayuresh%acm.org@localhost> wrote:
Subject: Re: blocklistd: How to keep my dynamic IP from getting blocked
>
> Just looked at man blacklistd.conf
>
> I guess nfail=* (means never) is what I have to use? And this entry with
> ip address would be in [remote], right?

Yes, correct.  The EXAMPLES section in blocklistd.conf(5) should
hopefully make it more clear.

> What is unclear is the precedence - when one spec says block it and
> another one says don't, how does blocklistd resolve it?
>
> I do see this:
>
>      Matching is done first by checking the local rules individually, in
>      the order of the most specific to the least specific.  If a match is
>      found, then the remote rules are applied.  The name, nfail, and
>      disable fields can be altered by the remote rule that matched.
>
> Does it mean [remote] simply overrides [local]?

Yes, rules in the [remote] section should override anything in the
[local] section, and in particular since the rule in the [remote]
section can set a new "nfail" value, using "*" will mean "never block".

--
					Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC     +1 250 762-7675           RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>     Avoncote Farms <woods%avoncote.ca@localhost>

Attachment: pgpux7RWDgzw7.pgp
Description: OpenPGP Digital Signature



Home | Main Index | Thread Index | Old Index