On Sat, Apr 03, 2021 at 11:45:59AM +0530, Mayuresh wrote: > On Fri, Apr 02, 2021 at 11:20:18AM -0700, Greg A. Woods wrote: > > Just tell blocklistd not to block that IP! > > I posed my question like that originally! Something led me to believe that > this needs to be done at npf level, which could be my misunderstanding.
I would do a table containing your dynamic IP addresses and then follow the npfctl man page's EXAMPLE section, either add the new IP and then rem the old, or write to a temp file and replace the whole table. Then make sure to "pass in final" all packets from IPs in that table before the blocklistd rule catches them. Martin