BLACKLISTCTL(8)		    System Manager's Manual	       BLACKLISTCTL(8)

NAME
       blacklistctl -- display and change the state of the blacklistd database

SYNOPSIS
       blacklistctl dump [-abdnrw] [-D dbname]

DESCRIPTION
       blacklistctl  is	 a program used	to display and change the state	of the
       blacklistd(8) database.	The following sub-commands are supported:

   dump
       The following options are available for the dump	sub-command:

       -a      Show all database entries. By default, only the active ones
               are shown. Inactive entries will be shown with a last-access
               (or, with -r, the remaining) time of `never'.

       -b      Show only the blocked entries.

       -D dbname
	       Specify the location of the blacklistd database	file  to  use.
	       The default is /var/db/blocklistd.db.

       -d      Increase	debugging level.

       -n      Don't display a header.

       -r      Show  the  remaining  blocked time instead of the last activity
	       time.

       -w      Normally the width of the address column is sized for IPv4.
               The -w flag makes the display wide enough for IPv6 addresses.

       The  output of the dump sub-command consists of a header	(unless	-n was
       given) and one line for each record in the database,  where  each  line
       has the following columns:

       `address/ma:port'
	       The  remote  address, mask, and local port number of the	client
	       connection associated with the database entry.

       `id'    The identifier for the packet filter rule associated with the
               database entry, though this may only be the word `OK' for
               packet filters which do not create a unique identifier for
               each rule.

       `nfail'
               The number of failures reported for the client on the noted
               port, as well as the number of failures allowed before blocking
               (or, with -a, an asterisk <*>).

       `last access' | `remaining time'
               The last time the client was reported as attempting access,
               or, with -r, the time remaining before the rule blocking the
               client will be removed.

SEE ALSO
       blacklistd(8)

NOTES
       The blacklistctl	program	has been renamed to blocklistctl(8).

       Sometimes  the reported number of failed	attempts can exceed the	number
       of attempts that	blacklistd(8) is configured to block.  This can	happen
       either because the rule has been	removed	 manually,  or	because	 there
       were  more  attempts  in	 flight	 while the rule	block was being	added.
       This condition is normal; in that case blacklistd(8) will first attempt
       to remove the existing rule, and	then it	will re-add it	to  make  sure
       that there is only one rule active.
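
       The following is an added example, not part of the original manual
       page or of blacklistd itself: a parser for dump output that lists
       the records whose failure count exceeds the allowed number, the
       condition described above. The sample text is constructed, and the
       `count/limit' form of nfail, the timestamp format and the blank id
       are assumptions about the output.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in the column layout the manual describes. The
# "count/limit" nfail form, timestamp format and blank id are assumptions.
SAMPLE = """\
        address/ma:port\tid\tnfail\tlast access
     192.0.2.10/32:22\tOK\t3/3\t2025/01/27 10:15:02
   198.51.100.7/32:22\tOK\t5/3\t2025/01/27 10:16:40
    203.0.113.9/32:25\t\t1/3\tnever
 2001:db8::1/128:22\tOK\t1/*\t2025/01/27 10:17:11
"""

# The greedy address group backtracks to the last "/mask:port", so IPv6
# addresses containing colons are split correctly. The id may be absent.
LINE = re.compile(
    r"^\s*(?P<addr>\S+)/(?P<mask>\d+):(?P<port>\d+)\s+"
    r"(?:(?P<id>\S+)\s+)?(?P<count>\d+)/(?P<limit>\d+|\*)\s+(?P<when>.+?)\s*$"
)

class Entry(NamedTuple):
    addr: str
    mask: int
    port: int
    rule_id: Optional[str]   # None when the id column is empty
    count: int
    limit: Optional[int]     # None when the limit is shown as '*'
    when: str                # last access, remaining time, or 'never'

def parse_dump(text):
    """Parse dump output (with or without the header) into Entry records."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or "/ma:port" in line:
            continue  # blank line or header
        m = LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised record: {line!r}")
        limit = None if m["limit"] == "*" else int(m["limit"])
        entries.append(Entry(m["addr"], int(m["mask"]), int(m["port"]),
                             m["id"], int(m["count"]), limit, m["when"]))
    return entries

def over_limit(entries):
    """Records whose reported failures exceed the configured limit."""
    return [e for e in entries if e.limit is not None and e.count > e.limit]

if __name__ == "__main__":
    for e in over_limit(parse_dump(SAMPLE)):
        print(f"{e.addr}/{e.mask} port {e.port}: {e.count} failures, limit {e.limit}")
```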

HISTORY
       blacklistctl   first   appeared	in  NetBSD  7.	 FreeBSD  support  for
       blacklistctl was	implemented in FreeBSD 11.

AUTHORS
       Christos	Zoulas

FreeBSD	15.0		       January 27, 2025		       BLACKLISTCTL(8)
