| BLACKLISTD(8) | System Manager's Manual | BLACKLISTD(8) | 
blacklistd —
| blacklistd | [ -dfrv] [-Ccontrolprog] [-cconfigfile] [-Ddbfile] [-Psockpathsfile] [-Rrulename] [-ssockpath] [-ttimeout] | 
blacklistd is a daemon similar to
  syslogd(8) that listens to
  sockets at paths specified in the sockpathsfile for
  notifications from other daemons about successful or failed connection
  attempts. If no such file is specified, then it only listens to the socket
  path specified by sockspath or if that is not specified
  to /var/run/blacklistd.sock. Each notification
  contains an (action, port, protocol, address, owner) tuple that identifies the
  remote connection and the action. This tuple is consulted against entries in
  configfile with syntax specified in
  blacklistd.conf(5). If
  an entry is matched, a state entry is created for that tuple. Each entry
  contains a number of tries limit and a duration.
If the action is “add” and the number of tries limit is reached, then a control script controlprog is invoked with arguments:
control add <rulename> <proto> <address> <mask> <port>
and should invoke a packet filter command to block the connection
    specified by the arguments. The rulename argument can
    be set from the command line (default blacklistd).
    The script could print a numerical id to stdout as a handle for the rule
    that can be used later to remove that connection, but that is not required
    as all information to remove the rule is kept.
If the action is “remove” Then the same control script is invoked as:
control remove <rulename> <proto> <address> <mask> <port> <id>
where id is the number returned from the “add” action.
blacklistd maintains a database of known
    connections in dbfile. On startup it reads entries
    from that file, and updates its internal state.
blacklistd checks the list of active
    entries every timeout seconds (default
    15) and removes entries and block rules using the
    control program as necessary.
The following options are available:
-C
    controlprogadd,
          rem, or flush to add,
          remove or flush a firewall rule.tcp, tcp6,
          udp, udp6.-c
    configuration-D
    dbfileblacklistd stores its
      state, usually /var/run/blacklistd.db.-dblacklistd disassociates itself from the
      terminal unless the -d flag is specified, in which
      case it stays in the foreground.-f
control flush <rulename>
    
    -P
    sockspathsfileblacklistd will create sockets to listen to. This
      is useful for chrooted environments.-R
    rulenameblacklistd.-r-s
    sockpathblacklistd listens to.-t
    timeoutblacklistd polls the state
      file to update the rules.-vblacklistd to print diagnostic messages to
      stdout instead of
      syslogd(8).blacklistd first appeared in NetBSD
  7. FreeBSD support for
  blacklistd was implemented in FreeBSD
  11.
| June 7, 2016 | NetBSD 9.4 |