BERTRAND Joël wrote:
> Martin Neitzel wrote:
>> Hi Joel,
>>
>>> I have installed blacklistd on -10.0 and, if the daemon runs fine, it
>>> doesn't block attacks. I have read several pages and I suppose I have
>>> done a misconfiguration somewhere.
>>>
>>> My configuration is very simple. I only have to block ssh. Thus, I have
>>> written in /etc/blacklistd.conf:
>>
>> Looks basically good to me, but two ideas to verify things:
>>
>> (1) It's blAcklistd* in up to NetBSD-9, but blOcklistd* from 10 on.
>
> I have in -10 blAcklistd and blOcklistd. Is blacklistd now unsupported?
> Man pages seem to be very similar.
>
>> (2) Make sure that wm2 is your outward interface and not, say,
>> pppoe (over wm2). You could also simply leave off the "wm2:" spec
>> in your config file.
>
> I'm sure that wm2 is my WAN interface.
>
>>> I suppose something is missing between ssh and blacklistd. And I don't
>>> understand how 'ruleset "blacklistd"' works. man npf.conf doesn't help.
>>
>> It's documented in blocklistd(8), see "-C" and:
>>
>> FILES
>>      /libexec/blocklistd-helper  Shell script invoked to interface with the
>>                                  packet filter.
>
> I have checked /libexec/blacklistd-helper. But as blacklistctl dump
> doesn't return anything, I suppose something is broken before the call of
> /libexec/blacklistd-helper.

I have replaced all blacklist* by blocklist* and it runs better:

legendre# npfctl rule blocklistd list
block in final family inet4 proto tcp from 165.227.95.205/32 to any port 22 # id="1"

Thanks,
JKB
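A small check that goes with the listing above, added here as an example and not part of the thread: it reads the text that `npfctl rule blocklistd list` prints, reports each blocked source and destination port on one line, and exits non-zero when the ruleset is empty (the symptom Joël saw before renaming). The sample listing is constructed from the line shown in the mail; the function name `blocked_hosts` is an assumption.

```sh
#!/bin/sh
# Added example (not from the thread): summarise the dynamic block rules that
# blocklistd has pushed into npf, reading the output of
#   npfctl rule blocklistd list
# on stdin. Prints "<source> <dport>" per rule; exit 1 if no rule was found.

blocked_hosts() {
    # Each rule line looks like:
    # block in final family inet4 proto tcp from 192.0.2.10/32 to any port 22 # id="1"
    awk '
        $1 == "block" {
            src = ""; port = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "from") src = $(i + 1)
                if ($i == "port") port = $(i + 1)
            }
            if (src != "" && port != "") { print src, port; n++ }
        }
        END { exit (n == 0) }   # non-zero when blocklistd loaded nothing
    '
}

# Constructed sample listing (two rules, not captured from a real host).
SAMPLE='block in final family inet4 proto tcp from 165.227.95.205/32 to any port 22 # id="1"
block in final family inet4 proto tcp from 198.51.100.7/32 to any port 22 # id="2"'

# Stand-alone run; on a real box use: npfctl rule blocklistd list | blocked_hosts
printf '%s\n' "$SAMPLE" | blocked_hosts
```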