tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bl*cklist configuration, ssh only

> 172800 seconds is 48 hours as per
> # grep ssh /etc/blocklistd.conf 
> ssh             stream  *       *               *       3       48h
> The login attempts are well spaced out in time, so probably not "races".
> # blocklistctl dump -a | grep
>   7       49/3    2023/06/02 08:36:43
> # npfctl rule blocklistd list
> block in final family inet4 proto tcp from to any port 22 # id="1" 

The rule is only added once, but the log message is written every time.

So if adding a rule failed for some reason (or was dropped for some
other reason beyond blocklistd), it won't be added before blocklistd
has dropped the rule itself.

It doesn't look like errors from adding/removing rules were noticed or
logged somewhere, but you could augment the helper script.

                                Michael van Elst
                                "A potential Snark may lurk in every tree."

Home | Main Index | Thread Index | Old Index