On Tue, May 30, 2023 at 03:54:52PM -0000, Michael van Elst wrote:
> ignat...@cs.uni-bonn.de writes:
>
> >Hello,
>
> >is there a minimal example how to configure bl*cklistd and npf to
> >block attacks on sshd?
>
> /etc/bl*cklistd.conf:
> # Bl*cklist rule
> # adr/mask:port type proto owner name nfail disable
> [local]
> ssh stream tcp * * 5 3h
> ssh stream tcp6 * * 5 3h
>
> /etc/npf.conf:
> $primary_if = "wm0"
> group "external" on $primary_if {
> ruleset "bl*cklistd"
> }
>
> # bl*cklistctl dump -a | wc
> 13 53 609
>
>
What puzzles me is:
# blocklistctl dump -a | wc
53 218 2497
BUT:
# npfctl rule blocklistd list | wc
3 45 254
Only 3 hosts apparently being blocked by npf vs 53.
Cheers,
Patrick
