From owner-freebsd-questions@freebsd.org Wed Nov 15 21:27:56 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 83C1BDE7C50 for ; Wed, 15 Nov 2017 21:27:56 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com [IPv6:2a00:1450:400c:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 26FD37CA17; Wed, 15 Nov 2017 21:27:56 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: by mail-wm0-x230.google.com with SMTP id v186so5638269wma.2; Wed, 15 Nov 2017 13:27:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Ft/Bdp82+IgtxCgEzUiHuO1PCLhNfATD9X5IjwRSpXA=; b=FeO/p6Dy8AkZIj1qKK4Yl+IVkI8AQZABHd1pW5LYqfmTXr3mcirLJ2LHcYgu95T0KB xMSGL+q7XQPykmtCy4NQsih4dgrLs0/kPuJBxZZFPnTp3bFjSmVz/mk51gOdrQnt3tOq Kv+l4HQrkfRwE6InJbSOdDcd740A+xyd/7T44aalFhji4m2BPEmsoBwpClv0ef/irphc FPllg/y8ahVfz0Q7MYPBRJI66xqHESjoHRSoQ8Z1CKtq6cCKvvptPttuqqr3WgWEzpo9 stm9VyQUEPn3/wrhuHxJNSsNjlC0cdf2Jk1KIsO26S3QFYkLIldyy//sRPH+QfZBCO2J +wPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Ft/Bdp82+IgtxCgEzUiHuO1PCLhNfATD9X5IjwRSpXA=; b=kLiyYCFOkSItEX/RZoNSXNZoeKuYtU3UyGvT8STY5AoR3M1aRehZ2qJOIV+5iUaihP 9PK1ttfFG1eqbOXKX9OQa2G8ATL8rIDR6nEYMQQOuuFS91lof0jhtrsFVBeApVaAd78U 0BM/DT0VsCEfAr3k3hYODfXyMPbTbelk6lUCB6S+wgwyjhm9IO1KmqJu+OWj/wzCk4mP DNLkiBD5KdlFIrPm3QHwsPSWOKNuSXnxbNWnsZa5cTA6OGpdi+pM/W/Quh6EB5ynZq2r tHoH30C/XerfOue9lNXCiFzNHlHOH6vUoN1biAvnHU9U+vA9zVPs+csLus+Uj2aS0gYT /sBg== X-Gm-Message-State: AJaThX4b84taK7B4fJQCMJ53t+P02BOsvqyYGtvZR1SVntUR/VdojpML vwllgZQi7Fsp3vQxHVzgn1vSINiaQIM1jJIG7YebyUgx X-Google-Smtp-Source: AGs4zMbPxE3t5KRLdhErq/yWwNOlIMph8zSCMURjO3ea01OHM173Jxx1VDzIjn8UXWS3kulBhnJOQ9GPgVu2DMXMvmc= X-Received: by 10.28.69.91 with SMTP id s88mr12747663wma.19.1510781274154; Wed, 15 Nov 2017 13:27:54 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.125.8 with HTTP; Wed, 15 Nov 2017 13:27:53 -0800 (PST) In-Reply-To: References: <20171106235944.U9710@sola.nimnet.asn.au> <20171107033226.M9710@sola.nimnet.asn.au> <20171107162914.G9710@sola.nimnet.asn.au> <20171108012948.A9710@sola.nimnet.asn.au> <20171111213759.I72828@sola.nimnet.asn.au> <20171115192830.R72828@sola.nimnet.asn.au> From: Cos Chan Date: Wed, 15 Nov 2017 22:27:53 +0100 Message-ID: Subject: Re: How to setup IPFW working with blacklistd To: Kurt Lidl Cc: Ian Smith , freebsd-questions , Michael Ross Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Nov 2017 21:27:56 -0000 On Wed, Nov 15, 2017 at 5:02 PM, Kurt Lidl wrote: > On 11/15/17 6:46 AM, Cos Chan wrote: > > blacklistd.log: >> Nov 15 12:13:42 res blacklistd[22100]: blocked 132.148.128.234/32:22 < >> http://132.148.128.234/32:22> for -1 seconds >> Nov 15 12:15:40 res blacklistd[22100]: rule exists OK >> Nov 15 12:15:40 res blacklistd[22100]: blocked 132.148.128.234/32:22 < >> http://132.148.128.234/32:22> for -1 seconds >> > > The "-1 seconds" looks fishy to me. > > What is the /etc/blacklistd.conf on this machine? the blacklistd.conf was here under while I got above logs: # adr/mask:port type proto owner name nfail disable [local] ssh stream * * * 2 * ftp stream * * * 2 * smtp stream * * * 2 * # adr/mask:port type proto owner name nfail disable [remote] > > > -Kurt > > -- with kind regards