buf, dbi.count, c.c_nfail,
+		    fmttime(b1, sizeof(b1), dbi.last),
+		    fmttime(b2, sizeof(b2), ts.tv_sec));
+	}
+}
+
+static void
+update_interfaces(void)
+{
+	struct ifaddrs *oifas, *nifas;
+
+	if (getifaddrs(&nifas) == -1)
+		return;
+
+	oifas = ifas;
+	ifas = nifas;
+
+	if (oifas)
+		freeifaddrs(oifas);
+}
+
+static void
+update(void)
+{
+	struct timespec ts;
+	struct conf c;
+	struct dbinfo dbi;
+	unsigned int f, n;
+	char buf[128];
+	void *ss = &c.c_ss;
+
+	if (clock_gettime(CLOCK_REALTIME, &ts) == -1) {
+		(*lfun)(LOG_ERR, "clock_gettime failed (%m)");
+		return;
+	}
+
+again:
+	for (n = 0, f = 1; state_iterate(state, &c, &dbi, f) == 1;
+	    f = 0, n++)
+	{
+		time_t when = c.c_duration + dbi.last;
+		if (debug > 1) {
+			char b1[64], b2[64];
+			sockaddr_snprintf(buf, sizeof(buf), "%a:%p", ss);
+			(*lfun)(LOG_DEBUG, "%s:[%u] %s count=%d duration=%d "
+			    "last=%s " "now=%s", __func__, n, buf, dbi.count,
+			    c.c_duration, fmttime(b1, sizeof(b1), dbi.last),
+			    fmttime(b2, sizeof(b2), ts.tv_sec));
+		}
+		if (c.c_duration == -1 || when >= ts.tv_sec)
+			continue;
+		if (dbi.id[0]) {
+			run_change("rem", &c, dbi.id, 0);
+			sockaddr_snprintf(buf, sizeof(buf), "%a", ss);
+			(*lfun)(LOG_INFO, "released %s/%d:%d after %d seconds",
+			    buf, c.c_lmask, c.c_port, c.c_duration);
+		}
+		state_del(state, &c);
+		goto again;
+	}
+}
+
+static void
+addfd(struct pollfd **pfdp, bl_t **blp, size_t *nfd, size_t *maxfd,
+    const char *path)
+{
+	bl_t bl = bl_create(true, path, vflag ? vdlog : vsyslog_r);
+	if (bl == NULL || !bl_isconnected(bl))
+		exit(EXIT_FAILURE);
+	if (*nfd >= *maxfd) {
+		*maxfd += 10;
+		*blp = realloc(*blp, sizeof(**blp) * *maxfd);
+		if (*blp == NULL)
+			err(EXIT_FAILURE, "malloc");
+		*pfdp = realloc(*pfdp, sizeof(**pfdp) * *maxfd);
+		if (*pfdp == NULL)
+			err(EXIT_FAILURE, "malloc");
+	}
+
+	(*pfdp)[*nfd].fd = bl_getfd(bl);
+	(*pfdp)[*nfd].events = POLLIN;
+	(*blp)[*nfd] = bl;
+	*nfd += 1;
+}
+
+static void
+uniqueadd(struct conf ***listp, size_t *nlist, size_t *mlist, struct conf *c)
+{
+	struct conf **list = *listp;
+
+	if (c->c_name[0] == '\0')
+		return;
+	for (size_t i = 0; i < *nlist; i++) {
+		if (strcmp(list[i]->c_name, c->c_name) == 0)
+			return;
+	}
+	if (*nlist == *mlist) {
+		*mlist += 10;
+		void *p = realloc(*listp, *mlist * sizeof(*list));
+		if (p == NULL)
+			err(EXIT_FAILURE, "Can't allocate for rule list");
+		list = *listp = p;
+	}
+	list[(*nlist)++] = c;
+}
+
+static void
+rules_flush(void)
+{
+	struct conf **list;
+	size_t nlist, mlist;
+
+	list = NULL;
+	mlist = nlist = 0;
+	for (size_t i = 0; i < rconf.cs_n; i++)
+		uniqueadd(&list, &nlist, &mlist, &rconf.cs_c[i]);
+	for (size_t i = 0; i < lconf.cs_n; i++)
+		uniqueadd(&list, &nlist, &mlist, &lconf.cs_c[i]);
+
+	for (size_t i = 0; i < nlist; i++)
+		run_flush(list[i]);
+	free(list);
+}
+
+static void
+rules_restore(void)
+{
+	DB *db;
+	struct conf c;
+	struct dbinfo dbi;
+	unsigned int f;
+
+	db = state_open(dbfile, O_RDONLY, 0);
+	if (db == NULL) {
+		(*lfun)(LOG_ERR, "Can't open `%s' to restore state (%m)",
+			dbfile);
+		return;
+	}
+	for (f = 1; state_iterate(db, &c, &dbi, f) == 1; f = 0) {
+		if (dbi.id[0] == '\0')
+			continue;
+		(void)run_change("add", &c, dbi.id, sizeof(dbi.id));
+		state_put(state, &c, &dbi);
+	}
+	state_close(db);
+	state_sync(state);
+}
+
+int
+main(int argc, char *argv[])
+{
+	int c, tout, flags, flush, restore, ret;
+	const char *spath, **blsock;
+	size_t nblsock, maxblsock;
+
+	setprogname(argv[0]);
+
+	spath = NULL;
+	blsock = NULL;
+	maxblsock = nblsock = 0;
+	flush = 0;
+	restore = 0;
+	tout = 0;
+	flags = O_RDWR|O_EXCL|O_CLOEXEC;
+	while ((c = getopt(argc, argv, "C:c:D:dfP:rR:s:t:v")) != -1) {
+		switch (c) {
+		case 'C':
+			controlprog = optarg;
+			break;
+		case 'c':
+			configfile = optarg;
+			break;
+		case 'D':
+			dbfile = optarg;
+			break;
+		case 'd':
+			debug++;
+			break;
+		case 'f':
+			flush++;
+			break;
+		case 'P':
+			spath = optarg;
+			break;
+		case 'R':
+			rulename = optarg;
+			break;
+		case 'r':
+			restore++;
+			break;
+		case 's':
+			if (nblsock >= maxblsock) {
+				maxblsock += 10;
+				void *p = realloc(blsock,
+				    sizeof(*blsock) * maxblsock);
+				if (p == NULL)
+				    err(EXIT_FAILURE,
+					"Can't allocate memory for %zu sockets",
+					maxblsock);
+				blsock = p;
+			}
+			blsock[nblsock++] = optarg;
+			break;
+		case 't':
+			tout = atoi(optarg) * 1000;
+			break;
+		case 'v':
+			vflag++;
+			break;
+		default:
+			usage(c);
+		}
+	}
+
+	argc -= optind;
+	if (argc)
+		usage('?');
+
+	signal(SIGHUP, sighup);
+	signal(SIGINT, sigdone);
+	signal(SIGQUIT, sigdone);
+	signal(SIGTERM, sigdone);
+	signal(SIGUSR1, sigusr1);
+	signal(SIGUSR2, sigusr2);
+
+	openlog(getprogname(), LOG_PID, LOG_DAEMON);
+
+	if (debug) {
+		lfun = dlog;
+		if (tout == 0)
+			tout = 5000;
+	} else {
+		if (tout == 0)
+			tout = 15000;
+	}
+
+	update_interfaces();
+	conf_parse(configfile);
+	if (flush) {
+		rules_flush();
+		if (!restore)
+			flags |= O_TRUNC;
+	}
+
+	struct pollfd *pfd = NULL;
+	bl_t *bl = NULL;
+	size_t nfd = 0;
+	size_t maxfd = 0;
+
+	for (size_t i = 0; i < nblsock; i++)
+		addfd(&pfd, &bl, &nfd, &maxfd, blsock[i]);
+	free(blsock);
+
+	if (spath) {
+		FILE *fp = fopen(spath, "r");
+		char *line;
+		if (fp == NULL)
+			err(EXIT_FAILURE, "Can't open `%s'", spath);
+		for (; (line = fparseln(fp, NULL, NULL, NULL, 0)) != NULL;
+		    free(line))
+			addfd(&pfd, &bl, &nfd, &maxfd, line);
+		fclose(fp);
+	}
+	if (nfd == 0)
+		addfd(&pfd, &bl, &nfd, &maxfd, _PATH_BLSOCK);
+
+	state = state_open(dbfile, flags, 0600);
+	if (state == NULL)
+		state = state_open(dbfile,  flags | O_CREAT, 0600);
+	if (state == NULL)
+		return EXIT_FAILURE;
+
+	if (restore) {
+		if (!flush)
+			rules_flush();
+		rules_restore();
+	}
+
+	if (!debug) {
+		if (daemon(0, 0) == -1)
+			err(EXIT_FAILURE, "daemon failed");
+		if (pidfile(NULL) == -1)
+			err(EXIT_FAILURE, "Can't create pidfile");
+	}
+
+	for (size_t t = 0; !done; t++) {
+		if (readconf) {
+			readconf = 0;
+			conf_parse(configfile);
+		}
+		ret = poll(pfd, (nfds_t)nfd, tout);
+		if (debug)
+			(*lfun)(LOG_DEBUG, "received %d from poll()", ret);
+		switch (ret) {
+		case -1:
+			if (errno == EINTR)
+				continue;
+			(*lfun)(LOG_ERR, "poll (%m)");
+			return EXIT_FAILURE;
+		case 0:
+			state_sync(state);
+			break;
+		default:
+			for (size_t i = 0; i < nfd; i++)
+				if (pfd[i].revents & POLLIN)
+					process(bl[i]);
+		}
+		if (t % 100 == 0)
+			state_sync(state);
+		if (t % 10000 == 0)
+			update_interfaces();
+		update();
+	}
+	state_close(state);
+	return 0;
+}
diff --git a/contrib/blocklist/bin/old_internal.c b/contrib/blocklist/bin/old_internal.c
new file mode 100644
index 000000000000..79093cc8b8ab
--- /dev/null
+++ b/contrib/blocklist/bin/old_internal.c
@@ -0,0 +1,50 @@
+/*	$NetBSD: internal.c,v 1.2 2025/02/11 17:48:30 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef HAVE_SYS_CDEFS_H
+#include <sys/cdefs.h>
+#endif
+__RCSID("$NetBSD: internal.c,v 1.2 2025/02/11 17:48:30 christos Exp $");
+
+#include <stdio.h>
+#include <syslog.h>
+#include "conf.h"
+#include "old_internal.h"
+
+int debug;
+const char *rulename = "blacklistd";
+const char *controlprog = _PATH_BLCONTROL;
+struct confset lconf, rconf;
+struct ifaddrs *ifas;
+void (*lfun)(int, const char *, ...) = syslog;
diff --git a/contrib/blocklist/bin/old_internal.h b/contrib/blocklist/bin/old_internal.h
new file mode 100644
index 000000000000..becee563e81d
--- /dev/null
+++ b/contrib/blocklist/bin/old_internal.h
@@ -0,0 +1,58 @@
+/*	$NetBSD: internal.h,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _OLD_INTERNAL_H
+#define _OLD_INTERNAL_H
+
+#ifndef _PATH_BLCONF
+#define	_PATH_BLCONF	"/etc/blacklistd.conf"
+#endif
+#ifndef _PATH_BLCONTROL
+#define	_PATH_BLCONTROL	"/usr/libexec/blacklistd-helper"
+#endif
+#ifndef _PATH_BLSTATE
+/* We want the new name, the old one would be incompatible after 24932b6 */
+#define	_PATH_BLSTATE	"/var/db/blocklistd.db"
+#endif
+
+extern struct confset rconf, lconf;
+extern int debug;
+extern const char *rulename;
+extern const char *controlprog;
+extern struct ifaddrs *ifas;
+
+#if !defined(__syslog_attribute__) && !defined(__syslog__)
+#define __syslog__ __printf__
+#endif
*** 2511 LINES SKIPPED ***