Hi Joel,

> I have in -10 blAcklistd and blOcklistd. Is blacklistd now unsupported?
> Man pages seem to be very similar.

It's just a renaming, and blocklistd gets continuing support. On a "true" netbsd-10-release (not available yet), there should be just blocklistd. Maybe you have old blAcklistd remnants from upgrading into your release-candidate? I'd just use blOcklistd on anything 10-ish.

Make sure you match the proper daemon with the proper config file; without an explicit "-c configfile" option, blocklistd will use blocklistd.conf -- not blacklistd.conf.

> I have checked /libexec/blacklistd-helper. But as blacklistctl dump
> doesn't return anything, I suppose something is broken before call of
> /libexec/blacklistd-helper.

Things which got me when I did the ssh filter setup:

- "blacklistctl dump" without options only shows "embryonic" clients -- clients which have been reported but not yet reached the limit to get blocked. "-a"/"-b" is required to see currently blocked clients (according to bl[ao]cklistd). These should then also show up in npf:

      npfctl rule blacklistd list

- There are certain forms of ssh connects which the client doesn't complete and where sshd never notifies blacklistd. For example, if you only accept key-based logins and the client never gets to the stage where it guesses passwords, this will not make it to blacklistd -- even when the client keeps hammering on with new connects. IIRC, one sees lots of "pre-authorized client disconnects" in the auth.log.

Martin Neitzel
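The second point above (sshd never reporting pre-auth disconnects to blocklistd) as an added example that is not part of this thread: a small sh/awk check that counts "[preauth]" disconnects per client address in an auth.log-style file, so an admin can see the clients that blocklistd will never hear about. The log lines and the threshold are constructed for the example; only the OpenSSH "Connection closed by ..." line shapes are parsed.

```shell
#!/bin/sh
# Added example (not from the original thread). Counts, per client address,
# sshd "[preauth]" disconnects in an auth.log-style file. Such connections
# never reach the password stage, so sshd never reports them to
# blocklistd/blacklistd and "blacklistctl dump -a" will not list the client.

# Constructed sample lines in OpenSSH syslog format (not real traffic).
SAMPLE_LOG=$(cat <<'EOF'
Mar  3 10:00:01 host sshd[1001]: Connection closed by 203.0.113.5 port 40001 [preauth]
Mar  3 10:00:02 host sshd[1002]: Connection closed by 203.0.113.5 port 40002 [preauth]
Mar  3 10:00:03 host sshd[1003]: Connection closed by 203.0.113.5 port 40003 [preauth]
Mar  3 10:00:04 host sshd[1004]: Accepted publickey for alice from 198.51.100.7 port 50001 ssh2
Mar  3 10:00:05 host sshd[1005]: Connection closed by 198.51.100.9 port 50002 [preauth]
Mar  3 10:00:06 host sshd[1006]: Failed password for root from 192.0.2.8 port 60001 ssh2
Mar  3 10:00:07 host sshd[1007]: Connection closed by authenticating user root 203.0.113.5 port 40004 [preauth]
EOF
)

# preauth_hammerers LOGTEXT THRESHOLD
# Prints "ADDR COUNT" (one per line, sorted by address) for every address
# with at least THRESHOLD "[preauth]" disconnects. Lines without a
# "Connection closed by ..." shape are ignored.
preauth_hammerers() {
    printf '%s\n' "$1" | awk -v limit="$2" '
        /sshd\[[0-9]+\]: .*\[preauth\]$/ {
            for (i = 1; i <= NF; i++) if ($i == "by") {
                # "by ADDR port N" or "by authenticating user NAME ADDR port N"
                addr = ($(i+1) == "authenticating") ? $(i+4) : $(i+1)
                n[addr]++
                break
            }
        }
        END { for (a in n) if (n[a] >= limit) print a, n[a] }' | sort
}

# Threshold of 3 is an assumed example value, not a blocklistd setting.
preauth_hammerers "$SAMPLE_LOG" 3
```

Addresses this reports are candidates for an npf rule or a lower sshd MaxStartups/LoginGraceTime, since the blocklistd counter never increments for them.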