Hello,

        I have installed blacklistd on -10.0 and, while the daemon runs fine, it
doesn't block attacks. I have read several pages and I suppose I have
made a misconfiguration somewhere.

        My configuration is very simple. I only have to block ssh. Thus, I have
written in /etc/blacklistd.conf:

[local]
# location      type    proto   owner   name    nfail   duration
wm2:ssh         *       *       *       *       3       6h

        In /etc/npf.conf, I have added

group "wan" on $wan_if {
    ruleset "blacklistd"

    # ICMP
    pass in final family inet4 proto icmp all
    pass out final family inet4 proto icmp all

...
    # Default
    block final all
}

        This configuration doesn't run as expected, as /var/log/authlog contains
a lot of aborted connections. But blacklistctl dump returns no blocked
address even though there are a lot of attempts from the same source.

        I suppose something is missing between ssh and blacklistd. And I don't
understand how 'ruleset "blacklistd"' works. man npf.conf doesn't help.

        Help will be welcome.

        Regards,

        JKB
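As an added example (not part of the original post or of blacklistd itself), a small POSIX sh script that checks each link of the sshd -> blacklistd -> npf chain on NetBSD, using the sshd_config keyword UseBlacklist (the NetBSD sshd option that makes sshd report failed logins to blacklistd), the rc.conf variable blacklistd=YES, the npf.conf ruleset declaration, and the blacklistd.conf rule line shown above. Each function takes an optional file path so it can be run against copies; the defaults are the system paths.

```shell
#!/bin/sh
# Added example: verify the pieces that must all be present for blacklistd
# to block ssh brute-force sources through npf on NetBSD.

# 0 if sshd_config enables failure reporting to blacklistd (NetBSD keyword).
sshd_reports_to_blacklistd() {
    grep -Eiq '^[[:space:]]*UseBlacklist[[:space:]]+yes' "${1:-/etc/ssh/sshd_config}"
}

# 0 if rc.conf starts the daemon at boot.
blacklistd_enabled() {
    grep -Eq '^[[:space:]]*blacklistd=YES' "${1:-/etc/rc.conf}"
}

# 0 if npf.conf declares the dynamic ruleset that blacklistd fills.
npf_has_blacklistd_ruleset() {
    grep -Eq '^[[:space:]]*ruleset[[:space:]]+"blacklistd"' "${1:-/etc/npf.conf}"
}

# 0 if a rule in blacklistd.conf matches the given port name or number
# (location field is [addr|iface][/mask][:port]); prints "nfail duration".
blacklistd_rule_for_port() {
    awk -v port="$1" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blanks
        /^\[/ { next }                                  # [local] / [remote]
        {
            split($1, loc, ":")                         # location -> iface, port
            if (loc[2] == port || $1 == port) { print $6, $7; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    ' "${2:-/etc/blacklistd.conf}"
}

# Run all checks, naming the missing link; args: sshd_config rc.conf npf.conf blacklistd.conf
check_chain() {
    rc=0
    sshd_reports_to_blacklistd "$1" || { echo "sshd_config: UseBlacklist yes missing"; rc=1; }
    blacklistd_enabled "$2"         || { echo "rc.conf: blacklistd=YES missing"; rc=1; }
    npf_has_blacklistd_ruleset "$3" || { echo "npf.conf: ruleset \"blacklistd\" missing"; rc=1; }
    blacklistd_rule_for_port ssh "$4" >/dev/null || { echo "blacklistd.conf: no ssh rule"; rc=1; }
    return $rc
}
```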
