Module Name: src
Committed By: wiz
Date: Fri Feb 9 00:53:30 UTC 2024
Modified Files:
src/external/bsd/blocklist: README
Log Message:
Spelling fixes
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/blocklist/README
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/blocklist/README
diff -u src/external/bsd/blocklist/README:1.2 src/external/bsd/blocklist/README:1.3
--- src/external/bsd/blocklist/README:1.2 Mon Jun 15 21:27:57 2020
+++ src/external/bsd/blocklist/README Fri Feb 9 00:53:30 2024
@@ -1,4 +1,4 @@
-# $NetBSD: README,v 1.2 2020/06/15 21:27:57 christos Exp $
+# $NetBSD: README,v 1.3 2024/02/09 00:53:30 wiz Exp $
This package contains library that can be used by network daemons to
communicate with a packet filter via a daemon to enforce opening and
@@ -15,7 +15,7 @@ blocklistd=YES in /etc/rc.conf, start it
There is also a startup file in etc/rc.d/blocklistd
-Patches to various daemons to add blocklisting capabilitiers are in the
+Patches to various daemons to add blocklisting capabilities are in the
"diff" directory:
- OpenSSH: diff/ssh.diff [tcp socket example]
- Bind: diff/named.diff [both tcp and udp]
@@ -24,7 +24,7 @@ Patches to various daemons to add blockl
These patches have been applied to NetBSD-current.
The network daemon (for example sshd) communicates to blocklistd, via
-a unix socket like syslog. The library calls are simple and everything
+a Unix socket like syslog. The library calls are simple and everything
is handled by the library. In the simplest form the only thing the
daemon needs to do is to call:
@@ -60,11 +60,11 @@ ssh stream tcp6 * * 6 60m
http stream tcp * * 6 60m
Here note that owner is * because the connection is done from the
-child ssh socket which runs with user privs. We treat ipv4 connections
+child ssh socket which runs with user privs. We treat IPv4 connections
differently by maintaining two different rules one for the external
interface and one from the internal We also register for both tcp
and tcp6 since those are different listening sockets and addresses;
-we don't bother with ipv6 and separate rules. We use nfail = 6,
+we don't bother with IPv6 and separate rules. We use nfail = 6,
because ssh allows 3 password attempts per connection, and this
will let us have 2 connections before blocking. Finally we block
for an hour; we could block forever too by specifying * in the
@@ -100,7 +100,7 @@ group "internal" on $int_if {
You can use 'blocklistctl dump -a' to list all the current entries
in the database; the ones that have nfail <c>/<t> where <c>urrent
->= <t>otal, should have an id assosiated with them; this means that
+>= <t>otal, should have an id associated with them; this means that
there is a packet filter rule added for that entry. For npf, you
can examine the packet filter dynamic rule entries using 'npfctl
rule <rulename> list'. The number of current entries can exceed
