> On Dec 30, 2025, at 09:45, Greg Troxel <[email protected]> wrote:
>
> I am looking at the NetBSD 9 man pages and example, reproduced below

I’m confused; where did you find those man pages? I’m seeing no such information in the cvs tree (https://cvsweb.netbsd.org/bsdweb.cgi/src/external/bsd/blocklist/bin/), the published man pages, or anywhere else. Hence my question.

> [remote]
> 0.0.0.0/0 stream tcp * =/24 = =
> #[0::0]/0 stream tcp * =/64 = =

This clears things up a lot. Unless I missed something, perhaps this should be added to the cvs tree.

> With 9 (blacklistd), not having a remote entry for v6 leads to a /128
> being blocked. (In my experience this is super rare.)

OK, so there may be no need for an extra ipv6 block, I suppose.

> I can see why you want to block a /48, but would be interested if you
> are willing to share the details of the kind of bad behavior you
> experience, and if there is a pattern of blocking /64 and then later
> having a failure from a later /64 within the same /48.

I have no problems with ipv6 addresses, but wanted to block them as I do ipv4. I figured the same approach (blocking subnets) would be prudent, but perhaps that is not necessary in practice.

Thanks for your help.

Cheers,
Brook
