I see in /var/log/messages (NetBSD-10.99.2/XEN3_DOMU/amd64):
... Feb 18 00:19:16 mail blocklistd[625]: blocked 195.226.194.142/32:22 for 172800 seconds Feb 18 00:49:33 mail blocklistd[625]: blocked 195.226.194.142/32:22 for 172800 seconds Feb 18 01:18:58 mail blocklistd[625]: blocked 195.226.194.242/32:22 for 172800 seconds Feb 18 01:49:45 mail blocklistd[625]: blocked 195.226.194.242/32:22 for 172800 seconds Feb 18 02:18:50 mail blocklistd[625]: blocked 195.226.194.142/32:22 for 172800 seconds Feb 18 02:49:23 mail blocklistd[625]: blocked 195.226.194.242/32:22 for 172800 seconds Feb 18 03:49:05 mail blocklistd[625]: blocked 195.226.194.242/32:22 for 172800 seconds Feb 18 04:18:15 mail blocklistd[625]: blocked 195.226.194.242/32:22 for 172800 seconds Feb 18 04:49:27 mail blocklistd[625]: blocked 195.226.194.242/32:22 for 172800 seconds Feb 18 05:18:16 mail blocklistd[625]: blocked 195.226.194.142/32:22 for 172800 seconds Feb 18 05:49:14 mail blocklistd[625]: blocked 195.226.194.242/32:22 for 172800 seconds Feb 18 06:48:01 mail blocklistd[625]: blocked 195.226.194.142/32:22 fo 172800 seconds = 48 hours, so the hourly attempt shouldn't make it. # npfctl rule blocklistd list | grep 195.226 # but npf doesn't appear to be blocking it, though some are blocked: # npfctl rule blocklistd list block in final family inet4 proto tcp from 179.60.147.157/32 to any port 22 # id="d" block in final family inet4 proto tcp from 171.225.184.179/32 to any port 22 # id="f" block in final family inet4 proto tcp from 113.249.95.65/32 to any port 22 # id="10" ... (I noticed while wondering why mail to said domu stop being received, which seems to happen every 4 days.) Thoughts? Cheers, Patrick
