Hi Joel,

> I have installed blacklistd on -10.0 and, if daemon runs fine, it
> doesn't block attacks. I have read several pages and I suppose I have
> done a misconfiguration somewhere.
>
> My configuration is very simple. I only have to block ssh. Thus, I have
> written in /etc/blacklistd.conf :

Looks basically good to me, but two ideas to verify things:

(1) It's blAcklistd* in up to NetBSD-9, but blOcklistd* from 10 on.

(2) Make sure that wm2 is your outward interface and not, say,
    pppoe (over wm2). You could also simply leave off the "wm2:"
    spec in your config file.

> I suppose something is missing between ssh and blacklistd. And I don't
> understand how 'ruleset "blacklistd"' works. man npf.conf doesn't help.

It's documented in blocklistd(8), see "-C" and:

    FILES
         /libexec/blocklistd-helper
                 Shell script invoked to interface with the packet filter.

Martin Neitzel