At Sat, 3 Apr 2021 11:45:59 +0530, Mayuresh <mayur...@acm.org> wrote: Subject: Re: blocklistd: How to keep my dynamic IP from getting blocked > > Just looked at man blacklistd.conf > > I guess nfail=* (means never) is what I have to use? And this entry with > ip address would be in [remote], right?
Yes, correct. The EXAMPLES section in blocklistd.conf(5) should hopefully make it more clear. > What is unclear is the precedence - when one spec says block it and > another one says don't, how does blocklistd resolve it? > > I do see this: > > Matching is done first by checking the local rules individually, in > the order of the most specific to the least specific. If a match is > found, then the remote rules are applied. The name, nfail, and > disable fields can be altered by the remote rule that matched. > > Does it mean [remote] simply overrides [local]? Yes, rules in the [remote] section should override anything in the [local] section, and in particular since the rule in the [remote] section can set a new "nfail" value, using "*" will mean "never block". -- Greg A. Woods <gwo...@acm.org> Kelowna, BC +1 250 762-7675 RoboHack <wo...@robohack.ca> Planix, Inc. <wo...@planix.com> Avoncote Farms <wo...@avoncote.ca>
pgpIgGaUJkfdK.pgp
Description: OpenPGP Digital Signature