It seems that enabling blocklistd on any internet-facing host is best practice, 
no?  If so, it seems relevant that an admin might want to keep tabs on what is 
being blocked.

I propose adding a bit to /etc/daily to run "blocklistctl dump" as part of the 
daily tasks.  Of course, it would be controlled by a variable, default off, in 
/etc/daily.conf, so current behavior would not change unless opted in.  See the 
attached patch.

Bikeshed topic: should this be in /etc/security instead?

Thoughts?

Cheers,
Brook

Attachment: etc_daily.patch
Description: Binary data
