At Sat, 3 Apr 2021 12:30:46 +0530, Mayuresh wrote:
Subject: Re: blocklistd: How to keep my dynamic IP from getting blocked
>
> Between these two: 1. Let blocklistd try to block and let npf overrule vs
> 2. Let blocklistd not block. Isn't the latter more economical?
I would include worry
At Sat, 3 Apr 2021 11:45:59 +0530, Mayuresh wrote:
Subject: Re: blocklistd: How to keep my dynamic IP from getting blocked
>
> Just looked at man blacklistd.conf
>
> I guess nfail=* (means never) is what I have to use? And this entry with
> ip address would be in [remote], right
On Sat, Apr 03, 2021 at 03:18:22PM +0200, Martin Neitzel wrote:
> Firewalls (and many other security-related configs) in general
> require you to state everything in terms of fixed addresses and
> not (DNS-dependent) hostnames, for good reasons:
Thanks. It's clearer to me now. It's a reasonable
On Sat, Apr 03, 2021 at 06:02:03PM +0530, Mayuresh wrote:
> > BTW does blacklistd.conf accept hostname instead of IP, which I can
> > manipulate in /etc/hosts?
>
> PS: I mean, I tried that way but it didn't work (hostname with /etc/hosts
> entry didn't work, IP did). Wondering whether it's
On Sat, Apr 03, 2021 at 06:02:03PM +0530, Mayuresh wrote:
> BTW does blacklistd.conf accept hostname instead of IP, which I can
> manipulate in /etc/hosts?
PS: I mean, I tried that way but it didn't work (hostname with /etc/hosts
entry didn't work, IP did). Wondering whether it's supposed to be
On Sat, Apr 03, 2021 at 09:24:40AM +0200, Martin Husemann wrote:
> It is just a matter of what seems clearer / simpler to you.
BTW does blacklistd.conf accept hostname instead of IP, which I can
manipulate in /etc/hosts?
--
Mayuresh
On Sat, Apr 03, 2021 at 12:30:46PM +0530, Mayuresh wrote:
> Between these two: 1. Let blocklistd try to block and let npf overrule vs
> 2. Let blocklistd not block. Isn't the latter more economical?
Pretty sure there would be no measurable performance difference.
It is just a matter of what seems
On Sat, Apr 03, 2021 at 08:32:10AM +0200, Martin Husemann wrote:
> I would do a table containing your dynamic IP addresses and then follow
> the npfctl man page's EXAMPLE section, either add the new IP and then rem
> the old, or write to a temp file and replace the whole table.
>
> Then make sure
On Sat, Apr 03, 2021 at 11:45:59AM +0530, Mayuresh wrote:
> On Fri, Apr 02, 2021 at 11:20:18AM -0700, Greg A. Woods wrote:
> > Just tell blocklistd not to block that IP!
>
> I posed my question like that originally! Something led me to believe that
> this needs to be done at npf level, which
On Fri, Apr 02, 2021 at 11:20:18AM -0700, Greg A. Woods wrote:
> Just tell blocklistd not to block that IP!
I posed my question like that originally! Something led me to believe that
this needs to be done at npf level, which could be my misunderstanding.
But thanks for containing the drift.
Just
At Fri, 2 Apr 2021 11:24:53 +0530, Mayuresh wrote:
Subject: Re: blocklistd: How to keep my dynamic IP from getting blocked
>
> I can store a whitelist in a file and when it changes I can trigger (say)
> reload of npf. (I might possibly do something like tail -f on a file to
On Wed, Mar 31, 2021 at 11:49:41AM -, Michael van Elst wrote:
> If you can store the whitelist in a file, you can define a file-based
> npf table and reload the npf configuration or you can run npfctl
> to inject/remove a rule when the whitelist changes. The latter is
> more complicated since
Mayuresh wrote in
<20210331170102.GA1969@localhost>:
|On Wed, Mar 31, 2021 at 09:42:45AM -0700, Greg A. Woods wrote:
...
|> That becomes more complicated if it's the remote (client) side that has
|> the changing address and you don't already have a pre-determined way to
|> do these updates
On Wed, Mar 31, 2021 at 09:42:45AM -0700, Greg A. Woods wrote:
> > > (Let's keep aside why autossh manages to fail auth for now.)
>
> Well, that is the very root of the problem, is it not? :-)
It is. I have tried identifying a while back but could not figure out why
it happens. IIRC the client
At Wed, 31 Mar 2021 11:13:51 - (UTC), mlel...@serpens.de (Michael van Elst)
wrote:
Subject: Re: blocklistd: How to keep my dynamic IP from getting blocked
>
> mayur...@acm.org (Mayuresh) writes:
> >
> > Strangely autossh manages to fail auth irking blocklistd and that en
mayur...@acm.org (Mayuresh) writes:
>Thanks. Here the IP to whitelist is dynamic. I can arrange to put it in a
>file, but it may change and the file will be modified accordingly. What's
>a good way out to handle this?
If you can store the whitelist in a file, you can define a file-based
npf
On Wed, Mar 31, 2021 at 11:13:51AM -, Michael van Elst wrote:
> That's the more logical way. blocklistd works as designed and the login
> failures trigger an entry in the blocklist. If you don't want to block
> specific IPs, allow them by a specific rule, then it's also more clear
> what is
mayur...@acm.org (Mayuresh) writes:
>Strangely autossh manages to fail auth irking blocklistd and that ends up
>blocking access to all devices at home as they share the same external
>dynamic IP. (Let's keep aside why autossh manages to fail auth for now.)
>Alternatively does it need to be done
I have a NetBSD 9.1 VPS server running blocklistd
At home I have an ISP connection which provides me a dynamic IP. Several
devices from home connect to VPS over ssh, many of them use autossh to
hold the connection active (for some reason but that's another story).
Strangely autossh manages to
19 matches