Date:      Mon, 9 Feb 2026 08:07:35 -0800
From:      Doug Hardie <bc979@lafn.org>
To:        Dag-Erling Smørgrav <des@freebsd.org>
Cc:        questions@freebsd.org
Subject:   Re: blacklistd vs blocklistd
Message-ID:  <7045A542-5EDA-4AF8-ADFD-5EE0072B67CE@lafn.org>
In-Reply-To: <86v7g56het.fsf@ltc.des.dev>
References:  <791ACFD5-4DDC-4454-A88B-077801822560@lafn.org> <86zf5i6btk.fsf@ltc.des.dev> <A06CF97C-2AE6-4CB2-A044-BB522B35C7A0@lafn.org> <86v7g56het.fsf@ltc.des.dev>


> On Feb 9, 2026, at 07:55, Dag-Erling Smørgrav <des@freebsd.org> wrote:
> 
> Doug Hardie <bc979@lafn.org> writes:
>> I switched back to blocklistd, but the previous blacklistd entries
>> show with blocklistctl, but pfctl only finds 5 entries whereas before
>> there were over 800.  Also, I previously was seeing around 80 new
>> blocking entries added every hour.  Now I am seeing 2 in the pf
>> tables.
> 
> Switching from one to the other changes the name of the pf anchor.  Did
> you update your pf.conf accordingly, and are you sure you're looking at
> the correct anchor and table?  For instance, if running blocklistd, you
> would use the following command to see blocked IPs:
> 
>    sudo pfctl -a blocklistd/22 -t port22 -Ts


The current values are:

mail# pfctl -ablocklistd/587 -tport587 -Ts | wc -l
     406
mail# pfctl -ablocklistd/25 -tport25 -Ts | wc -l
     141


However, there are 900 entries in blocklists table.  All of them are prior to switching to blocklist.  Since then, everything is working properly.  It's just that the preexisting entries never got put into pf even though I got hundreds of pf messages that I was adding an existing IP to the table.  In about 9 hours, all of the missing entries will have been deleted from blocklist as they expire.

-- Doug
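
One way to list the gap described in this message, where the daemon's database holds entries that the pf table lacks. This is an added example, not part of the original e-mail; the dump layout, the `dump -b` flags and the sample addresses are assumptions to check against local output.

```shell
#!/bin/sh
# Added example, not from the thread. On a live host the inputs would come from:
#   blocklistctl dump -b                     (daemon database; flags assumed)
#   pfctl -a blocklistd/587 -t port587 -Ts   (pf table, as in the message)
# Assumed dump layout: first column is address/mask:port, header line first.

# missing_from_pf PORT DUMP_FILE TABLE_FILE
# Prints addresses the daemon lists for PORT that are absent from the pf table.
missing_from_pf() {
    awk -v port="$1" -v tbl="$3" '
        BEGIN {
            # Load the pf table first; an empty table is valid input.
            while ((getline line < tbl) > 0) {
                gsub(/[ \t]/, "", line)
                if (line != "") in_pf[line] = 1
            }
        }
        # Skip the header and anything that is not address/mask:port.
        $1 !~ /^[0-9A-Fa-f:.]+\/[0-9]+:[0-9]+$/ { next }
        {
            p = $1; sub(/.*:/, "", p)            # text after the last colon
            if (p != port) next
            net = $1; sub(/:[0-9]+$/, "", net)   # address/mask
            slash = index(net, "/")
            addr = substr(net, 1, slash - 1)
            mask = substr(net, slash + 1) + 0
            full = (addr ~ /:/) ? 128 : 32       # IPv6 vs IPv4 host mask
            key = (mask == full) ? addr : net    # pf lists hosts without a mask
            if (!(key in in_pf)) print key
        }
    ' "$2"
}

# Constructed sample data (documentation addresses), not output from the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/dump" <<'EOF'
        address/ma:port  id  nfail  last access
     192.0.2.10/32:587   OK  3/3    2026/02/09 01:00:00
   198.51.100.7/32:587   OK  3/3    2026/02/09 02:00:00
    203.0.113.5/32:25    OK  3/3    2026/02/09 03:00:00
   2001:db8::1/128:587   OK  3/3    2026/02/09 04:00:00
EOF
    printf '   192.0.2.10\n' > "$tmp/table"
    missing_from_pf 587 "$tmp/dump" "$tmp/table"
    rm -rf "$tmp"
}

demo
```
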


