Re: bl*cklist configuration, ssh only

2023-06-02 Thread Michael van Elst
> 172800 seconds is 48 hours as per
>
> # grep ssh /etc/blocklistd.conf
> ssh stream * * * 3 48h
>
> The login attempts are well spaced out in time, so probably not "races".
>
> # blocklistctl dump -a | grep 62.122.184.124
>

Re: bl*cklist configuration, ssh only

2023-06-02 Thread Patrick Welche
On Thu, Jun 01, 2023 at 07:21:40PM +0200, Michael van Elst wrote:
> On Thu, Jun 01, 2023 at 05:05:16PM +0100, Patrick Welche wrote:
> >
> > What puzzles me is:
> >
> > # blocklistctl dump -a | wc
> > 53 2182497
> >
> > BUT:
> >
> > # npfctl rule blocklistd list | wc
> >3

Re: bl*cklist configuration, ssh only

2023-06-01 Thread Michael van Elst
On Thu, Jun 01, 2023 at 05:05:16PM +0100, Patrick Welche wrote:
>
> What puzzles me is:
>
> # blocklistctl dump -a | wc
> 53 2182497
>
> BUT:
>
> # npfctl rule blocklistd list | wc
>3 45 254
>
> Only 3 hosts apparently being blocked by npf vs 53.

blocklistctl

Re: bl*cklist configuration, ssh only

2023-06-01 Thread Patrick Welche
On Tue, May 30, 2023 at 03:54:52PM -, Michael van Elst wrote:
> ignat...@cs.uni-bonn.de writes:
>
> >Hello,
>
> >is there a minimal example how to configure bl*cklistd and npf to
> >block attacks on sshd?
>
> /etc/bl*cklistd.conf:
> # Bl*cklist rule
> # adr/mask:port type proto owner

Re: bl*cklist configuration, ssh only

2023-05-30 Thread Michael van Elst
ignat...@cs.uni-bonn.de writes:

>Hello,

>is there a minimal example how to configure bl*cklistd and npf to
>block attacks on sshd?

/etc/bl*cklistd.conf:
# Bl*cklist rule
# adr/mask:port type proto owner name nfail disable
[local]
ssh stream tcp *

bl*cklist configuration, ssh only

2023-05-30 Thread ignatios
Hello,

is there a minimal example how to configure bl*cklistd and npf to
block attacks on sshd?

I tried from the manual but blacklistctl dump -a only shows my test (and a wild) connection staying at nfail= 2/3 - what can be wrong?

Regards,
-is
--
Ignatios Souvatzis, Chief IPv6