In article <[email protected]>, Paul Goyette <[email protected]> wrote:
>I was looking at the blacklistd (and related) man-pages, and I'm not
>sure I understand how it works. Perhaps someone can enlighten me.
>
>The man page references socket(s) on which blacklistd listens for
>notifications, but it doesn't seem to indicate what programs are
>(currently capable of) sending reports to the socket(s). apropos(1)
>doesn't seem to find any references from other man pages to provide
>additional clues.
>
>The example in blacklistd.conf(5) seems to imply that sshd will send
>notifications, but nothing in the sshd man page confirms this. Also,

I have not modified the man pages of any of the programs that I've made
aware of blacklistd.

>the example uses "*" for the connection type and protocol, but it seems
>that "stream" and "tcp" would be better choices? Is the use of "*"
>simply a means of avoiding separate IPv4 and IPv6 rules? (And if so,
>shouldn't there be a separate parameter for address family?)

It does not matter. You can have separate v4 and v6 rules or you can have
the same rule take care of both.

christos
