From: Doug Hardie
To: Dag-Erling Smørgrav
Cc: questions@freebsd.org
Subject: Re: blacklistd vs blocklistd
Date: Mon, 9 Feb 2026 08:07:35 -0800
List-Id: User questions
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

> On Feb 9, 2026, at 07:55, Dag-Erling Smørgrav wrote:
>
> Doug Hardie writes:
>> I switched back to blocklistd, but the previous blacklistd entries
>> show with blocklistctl, but pfctl only finds 5 entries whereas before
>> there were over 800. Also, I previously was seeing around 80 new
>> blocking entries added every hour. Now I am seeing 2 in the pf
>> tables.
>
> Switching from one to the other changes the name of the pf anchor. Did
> you update your pf.conf accordingly, and are you sure you're looking at
> the correct anchor and table? For instance, if running blocklistd, you
> would use the following command to see blocked IPs:
>
>     sudo pfctl -a blocklistd/22 -t port22 -Ts

The current values are:

mail# pfctl -ablocklistd/587 -tport587 -Ts | wc -l
406
mail# pfctl -ablocklistd/25 -tport25 -Ts | wc -l
141

However, there are 900 entries in blocklists table. All of them are prior to switching to blocklist. Since then, everything is working properly. It's just that the preexisting entries never got put into pf even though I got hundreds of pf messages that I was adding an existing IP to the table. In about 9 hours, all of the missing entries will have been deleted from blocklist as they expire.

-- Doug
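
A way to list exactly which database entries have no matching pf table entry, the mismatch described in the message above. This is an added example, not part of the original thread and not code from the blocklistd project. The `blocklistctl dump -b` invocation and the `address/mask:port` first column of its output are assumptions, the function and file names are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Assumption: data rows of `blocklistctl dump -b` begin with "address/mask:port".
# IPv4 host entries only; pf prints those without a /32 suffix.

# missing_from_pf PORT DB_DUMP PF_TABLE -> addresses in the dump but not in pf
missing_from_pf() {
    awk -v port="$1" -v pf="$3" '
        BEGIN {
            # Load the pf table first; an empty or missing file means no entries.
            while ((getline line < pf) > 0) {
                gsub(/[ \t]/, "", line)
                if (line != "") in_pf[line] = 1
            }
        }
        {
            slash = index($1, "/")
            if (slash == 0) next
            addr = substr($1, 1, slash - 1)
            split(substr($1, slash + 1), mp, ":")   # mp[1]=mask, mp[2]=port
            if (mp[2] != port) next                 # also skips the header row
            if (!(addr in in_pf)) print addr
        }' "$2" | sort -u
}

# write_sample DIR: constructed sample data (documentation address ranges)
write_sample() {
    cat > "$1/db.txt" <<'EOF'
        address/ma:port id      nfail   last access
     192.0.2.10/32:587  OK      3/3     2026/02/08 21:14:02
   198.51.100.7/32:587  OK      3/3     2026/02/08 22:40:51
    203.0.113.9/32:587  OK      3/3     2026/02/08 23:05:17
     192.0.2.44/32:25   OK      3/3     2026/02/09 01:12:30
EOF
    printf '   192.0.2.10\n' > "$1/pf587.txt"
}

# On a live host the inputs would come from (run as root):
#   blocklistctl dump -b > db.txt
#   pfctl -a blocklistd/587 -t port587 -Ts > pf587.txt
tmp=$(mktemp -d) && write_sample "$tmp"
missing_from_pf 587 "$tmp/db.txt" "$tmp/pf587.txt"
rm -rf "$tmp"
```

Run once per anchor and port pair; any address it prints is in the database but is not being filtered by pf.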