CVS commit: src/external/bsd/blocklist

Wed, 05 Feb 2025 12:08:02 -0800 

Module Name:    src
Committed By:   christos
Date:           Wed Feb  5 20:07:46 UTC 2025

Modified Files:
        src/external/bsd/blocklist/bin: blocklistd.conf.5
        src/external/bsd/blocklist/etc: blocklistd.conf

Log Message:
PR/18: robohack: use duration, not disable


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/blocklist/bin/blocklistd.conf.5
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/blocklist/etc/blocklistd.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/external/bsd/blocklist/bin/blocklistd.conf.5
diff -u src/external/bsd/blocklist/bin/blocklistd.conf.5:1.4 src/external/bsd/blocklist/bin/blocklistd.conf.5:1.5
--- src/external/bsd/blocklist/bin/blocklistd.conf.5:1.4	Mon Feb  3 10:40:17 2025
+++ src/external/bsd/blocklist/bin/blocklistd.conf.5	Wed Feb  5 15:07:46 2025
@@ -1,4 +1,4 @@
-.\" $NetBSD: blocklistd.conf.5,v 1.4 2025/02/03 15:40:17 christos Exp $
+.\" $NetBSD: blocklistd.conf.5,v 1.5 2025/02/05 20:07:46 christos Exp $
 .\"
 .\" Copyright (c) 2015, 2025 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -48,34 +48,34 @@ Comments are denoted by a
 at the beginning of a line.
 .Pp
 There are two kinds of configuration lines,
-.Va local
+.Va [local]
 and
-.Va remote .
+.Va [remote] .
 By default, configuration lines are
-.Va local ,
+.Va [local] ,
 i.e. the address specified refers to the addresses on the local machine.
 To switch to between
-.Va local
+.Va [local]
 and
-.Va remote
+.Va [remote]
 configuration lines you can specify the stanzas:
 .Dq [local]
 and
 .Dq [remote] .
 .Pp
 On
-.Va local
+.Va [local]
 and
-.Va remote
+.Va [remote]
 lines
 .Dq *
 means use the default, or wildcard match.
 In addition, for
-.Va remote
+.Va [remote]
 lines
 .Dq =
 means use the values from the matched
-.Va local
+.Va [local]
 configuration line.
 .Pp
 The first four fields,
@@ -85,9 +85,9 @@ The first four fields,
 and
 .Va owner
 are used to match the
-.Va local
+.Va [local]
 or
-.Va remote
+.Va [remote]
 addresses, whereas the last 3 fields
 .Va name ,
 .Va nfail ,
@@ -143,8 +143,8 @@ The
 field, is the name of the packet filter rule to be used.
 If the
 .Va name
-starts with a
-.Dq - ,
+starts with a hyphen
+.Pq Dq - ,
 then the default rulename is prepended to the given name.
 If the
 .Dv name
@@ -160,13 +160,13 @@ field contains the number of failed atte
 defaulting to
 .Dq *
 meaning never, and the last field
-.Va disable
+.Va duration
 specifies the amount of time since the last access that the blocking
 rule should be active, defaulting to
 .Dq *
 meaning forever.
 The default unit for
-.Va disable
+.Va duration
 is seconds, but one can specify suffixes for different units, such as
 .Dq m
 for minutes
@@ -176,25 +176,31 @@ for hours and
 for days.
 .Pp
 Matching is done first by checking the
-.Va local
+.Va [local]
 rules individually, in the order of the most specific to the least specific.
-If a match is found, then the
-.Va remote
+If a match is found, then the matching
+.Va [remote]
 rules are applied.
 The
 .Va name ,
 .Va nfail ,
 and
-.Va disable
+.Va duration
 fields can be altered by the
-.Va remote
+.Va [remote]
 rule that matched.
 .Pp
 The
-.Va remote
+.Va [remote]
 rules can be used for allowing specific addresses, changing the mask
-size, the rule that the packet filter uses, the number of failed attempts,
-or the block duration.
+size (via
+.Va name ) ,
+the rule that the packet filter uses (also via
+.Va name ) ,
+the number of failed attempts (via
+.Va nfail ) ,
+or the duration to block (via
+.Va duration ) .
 .Sh FILES
 .Bl -tag -width /etc/blocklistd.conf -compact
 .It Pa /etc/blocklistd.conf

Index: src/external/bsd/blocklist/etc/blocklistd.conf
diff -u src/external/bsd/blocklist/etc/blocklistd.conf:1.3 src/external/bsd/blocklist/etc/blocklistd.conf:1.4
--- src/external/bsd/blocklist/etc/blocklistd.conf:1.3	Thu Feb  8 20:00:12 2024
+++ src/external/bsd/blocklist/etc/blocklistd.conf	Wed Feb  5 15:07:46 2025
@@ -1,5 +1,5 @@
 # Blocklist rule
-# adr/mask:port	type	proto	owner		name	nfail	disable
+# adr/mask:port	type	proto	owner		name	nfail	duration
 [local]
 ssh		stream	*	*		*	3	6h
 ftp		stream	*	*		*	3	6h
@@ -7,7 +7,7 @@ domain		*	*	named		*	3	12h
 #6161		stream	tcp6	christos	*	2	10m
 *		*	*	*		*	3	60
 
-# adr/mask:port	type	proto	owner		name	nfail	disable
+# adr/mask:port	type	proto	owner		name	nfail	duration
 [remote]
 #129.168.0.0/16	*	*	*		=	*	*
 #[2001:db8::]/32:ssh	*	*	*		=	*	*

Reply via email to