To: freebsd-questions@freebsd.org
From: Anton Yuzhaninov
Subject: blacklistd(8) - entries don't removed
Message-ID: <5ee1dcc7-643b-a7b1-7d1c-1017599bdfe5@citrin.ru>
Date: Fri, 25 Nov 2016 15:12:18 -0500

Hi all.

I started to use blacklistd(8) to protect sshd from brute force.

Entries are added to the ipfw table via controlprog but never removed.

Blocked hosts are removed from the state database after some time, but even in

    blacklistd -C /usr/local/libexec/blacklistd-helper -r -d -v

I see no attempts to run "blacklistd-helper rem".

The database contains stale entries:

    $ blacklistctl dump -ar
         address/ma:port   id   nfail   remaining time
    92.217.66.103/32:22         4/-1    -21d-38h-21m-38s
    92.76.193.217/32:22         4/-1    -11d-57h-2m-26s
     92.50.166.71/32:22         40/-1   -12d-29h-39m-57s

but the ipfw table contains many more hosts...

Right now I have no time to debug this myself, but I am curious: does anybody see the same problems with blacklistd?
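
One way to check for the two symptoms described in the message above (expired rows left in the state database, and firewall table entries the database no longer knows about), as an added example that is not part of the original post. The function names, the file names, the `address/mask value` layout assumed for the firewall table listing and all sample rows are assumptions; the sample data is constructed.

```shell
#!/bin/sh
# Added example: reconcile blacklistd's state database with the firewall table.
# Both functions read saved command output:
#   db file = output of `blacklistctl dump -ar`
#   fw file = firewall table listing, one "address/mask value" row per entry
#             (assumed layout; adjust the pattern if your listing differs)

# Print DB rows whose remaining time is negative: the block has expired
# but the row was never cleaned up.
stale_db_entries() {            # $1 = db file
    awk '$1 ~ /\/[0-9]+:[0-9]+$/ && $NF ~ /^-/ { print $1 }' "$1"
}

# Print firewall table addresses that have no row in the DB: the database
# forgot the host, the firewall did not.
orphaned_fw_entries() {         # $1 = db file, $2 = fw file
    awk '
        FILENAME == ARGV[1] {
            # Strip the ":port" suffix so DB rows compare with table rows.
            if ($1 ~ /\/[0-9]+:[0-9]+$/) { sub(/:[0-9]+$/, "", $1); db[$1] = 1 }
            next
        }
        $1 ~ /\/[0-9]+$/ && !($1 in db) { print $1 }
    ' "$1" "$2"
}

# Constructed sample data (documentation address ranges, not real hosts).
tmpdir=$(mktemp -d) || exit 1
trap 'rm -rf "$tmpdir"' EXIT
cat > "$tmpdir/db.txt" <<'EOF'
address/ma:port id nfail remaining time
192.0.2.10/32:22 4/-1 -21d-38h-21m-38s
198.51.100.7/32:22 2/-1 3h12m5s
EOF
cat > "$tmpdir/fw.txt" <<'EOF'
192.0.2.10/32 0
198.51.100.7/32 0
203.0.113.99/32 0
203.0.113.150/32 0
EOF

echo "Expired but still in the database:"
stale_db_entries "$tmpdir/db.txt"
echo "In the firewall table but unknown to the database:"
orphaned_fw_entries "$tmpdir/db.txt" "$tmpdir/fw.txt"
```

On a live host, replace the two sample files with the saved output of `blacklistctl dump -ar` and of the listing command for whichever table the helper populates.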