At Sat, 3 Apr 2021 11:45:59 +0530, Mayuresh <mayur...@acm.org> wrote: Subject: Re: blocklistd: How to keep my dynamic IP from getting blocked > > Just looked at man blacklistd.conf > > I guess nfail=* (means never) is what I have to use? And this entry with > ip address would be in [remote], right?
Yes, correct. The EXAMPLES section in blocklistd.conf(5) should
hopefully make it more clear.
> What is unclear is the precedence - when one spec says block it and
> another one says don't, how does blocklistd resolve it?
>
> I do see this:
>
> Matching is done first by checking the local rules individually, in
> the order of the most specific to the least specific. If a match is
> found, then the remote rules are applied. The name, nfail, and
> disable fields can be altered by the remote rule that matched.
>
> Does it mean [remote] simply overrides [local]?
Yes, rules in the [remote] section should override anything in the
[local] section, and in particular since the rule in the [remote]
section can set a new "nfail" value, using "*" will mean "never block".
--
Greg A. Woods <gwo...@acm.org>
Kelowna, BC +1 250 762-7675 RoboHack <wo...@robohack.ca>
Planix, Inc. <wo...@planix.com> Avoncote Farms <wo...@avoncote.ca>
pgpIgGaUJkfdK.pgp
Description: OpenPGP Digital Signature
