Martin Neitzel wrote:
> Hi Joel,
>
>> I have installed blacklistd on -10.0 and, if daemon runs fine, it
>> doesn't block attacks. I have read several pages and I suppose I have
>> done a misconfiguration somewhere.
>>
>> My configuration is very simple. I only have to block ssh. Thus, I have
>> written in /etc/blacklistd.conf :
>
> Looks basically good to me, but two ideas to verify things:
>
> (1) It's blAcklistd* in up to NetBSD-9, but blOcklistd* from 10 on.

I have in -10 blAcklistd and blOcklistd. Is blacklistd now unsupported? Man pages seem to be very similar.

> (2) Make sure that wm2 is your outward interface and not, say,
> pppoe (over wm2). You could also simply leave off the "wm2:" spec
> in your config file.

I'm sure that wm2 is my WAN interface.

>> I suppose something is missing between ssh and blacklistd. And I don't
>> understand how 'ruleset "blacklistd"' works. man npf.conf doesn't help.
>
> It's documented in blocklistd(8), see "-C" and:
>
> FILES
> /libexec/blocklistd-helper Shell script invoked to interface with the
> packet filter.

I have checked /libexec/blacklistd-helper. But as blacklistctl dump doesn't return anything, I suppose something is broken before the call to /libexec/blacklistd-helper.

Regards,
JB
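For readers following this thread, here is an added example (not Joel's configuration, which is not quoted above, and not from the NetBSD project) of the two pieces that have to line up for ssh blocking to work on NetBSD 10: the blocklistd.conf rule that tells the daemon what to count, and the npf.conf ruleset that the helper script populates with blocked addresses. The interface name wm2 is taken from the thread; the thresholds (3 failures, 24h) are assumed values, and the filename uses the blOcklistd spelling Martin points at for 10.x.

```conf
# /etc/blocklistd.conf  (assumed example; field layout per blocklistd.conf(5))
#
# adr/mask[:port]  type    proto   owner   name    nfail   disable
[local]
ssh               stream  *       *       *       3       24h

# /etc/npf.conf  (assumed fragment)
#
# The daemon does not filter anything itself: after "nfail" failures it
# runs /libexec/blocklistd-helper, which adds a block rule for the offending
# address into the dynamic ruleset named here. The name must match exactly.
group "external" {
    # wm2 is the WAN interface named in the thread; the group binds to it.
    ruleset "blocklistd"
    pass stateful in final proto tcp to $wan_if port ssh
    pass stateful in final proto icmp to $wan_if
    pass stateful out final all
}
```

Two checks follow from this layout. First, the sshd on the machine must actually report authentication failures to the daemon; if it does not, the daemon's database stays empty and `blacklistctl dump` prints nothing, which is exactly the symptom described above, and the helper is never invoked. Second, after `npfctl reload` the named ruleset exists but is empty until the first block is added, so an empty ruleset on its own is not evidence that the filter side is broken.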