BLACKLISTD.CONF(5)            File Formats Manual           BLACKLISTD.CONF(5)

NAME
       blacklistd.conf -- configuration file format for blacklistd

DESCRIPTION
       The blacklistd.conf file contains configuration entries for
       blacklistd(8) in a fashion similar to inetd.conf(5).  Only one entry
       per line is permitted.  Every entry must have all fields populated.
       Fields are separated by tabs or spaces.  Comments are denoted by a
       "#" at the beginning of a line.

       There are two kinds of configuration lines, local and remote.  By
       default, configuration lines are local, i.e. the address specified
       refers to the addresses on the local machine.  To switch between
       local and remote configuration lines, use the stanzas "[local]" and
       "[remote]".

       On local and remote lines "*" means use the default, or wildcard
       match.  In addition, on remote lines "=" means use the values from
       the matched local configuration line.

       The first four fields, location, type, proto, and owner, are used to
       match the local or remote addresses, whereas the last three fields,
       name, nfail, and disable, are used to modify the filtering action.

       The first field denotes the location as an address, mask, and port.
       The syntax for the location is:

                    [<address>|<interface>][/<mask>][:<port>]

       The address can be an IPv4 address in numeric format, an IPv6 address
       in numeric format and enclosed by square brackets, or an interface
       name.  Mask modifiers are not allowed on interfaces because interfaces
       can have multiple addresses in different protocols where the mask has
       a different size.

       The mask is always numeric, but the port can be either numeric or
       symbolic.

       The second field is the socket type: stream, dgram, or numeric.  The
       third field is the protocol: tcp, udp, tcp6, udp6, or numeric.  The
       fourth field is the effective user (owner) of the daemon process
       reporting the event, either as a username or a userid.

       The rest of the fields control the behavior of the filter.

       The name field is the name of the packet filter rule to be used.  If
       the name starts with a "-", then the default rulename is prepended to
       the given name.  If the name contains a "/", the remaining portion of
       the name is interpreted as the mask to be applied to the address
       specified in the rule, causing a single rule violation to block the
       entire subnet for the configured prefix.

       The nfail field contains the number of failed attempts before access
       is blocked, defaulting to "*" meaning never, and the last field,
       disable, specifies the amount of time since the last access that the
       blocking rule should be active, defaulting to "*" meaning forever.
       The default unit for disable is seconds, but one can specify suffixes
       for different units, such as "m" for minutes, "h" for hours, and "d"
       for days.

       Matching is done first by checking the local rules individually, in
       the order of the most specific to the least specific.  If a match is
       found, then the remote rules are applied.  The name, nfail, and
       disable fields can be altered by the remote rule that matched.

       The remote rules can be used for allowing specific addresses, changing
       the mask size, the rule that the packet filter uses, the number of
       failed attempts, or the block duration.

FILES
       /etc/blacklistd.conf  Configuration file.

EXAMPLES
       # Block ssh, after 3 attempts for 6 hours on the bnx0 interface
       [local]
       # location      type    proto   owner   name    nfail   duration
       bnx0:ssh        *       *       *       *       3       6h
       [remote]
       # Never block 1.2.3.4
       1.2.3.4:ssh     *       *       *       *       *       *
       # For addresses coming from 8.8.0.0/16 block whole /24 networks instead of
       # individual hosts, but keep the rest of the blocking parameters the same.
       8.8.0.0/16:ssh  *       *       *       /24     =       =
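The following Python script is an added example, not part of this manual page or of blacklistd itself. It parses entries in the format described above, validates the location syntax (including the rule that interfaces may not carry a mask), converts symbolic ports and duration suffixes, and then resolves the effective action for one event: the most specific matching local rule is selected, and a matching remote rule may override name, nfail and disable, with "=" keeping the local value. The script assumes constructed stand-ins for /etc/services and for the addresses of the bnx0 interface, a default packet-filter rule name of "blacklistd", and a specificity ordering (prefix length, then explicit port and owner) that the page does not spell out; it reuses the EXAMPLES entries above as its input.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed stand-ins so the example runs offline: /etc/services and interface addresses.
SERVICES = {"ssh": 22, "smtp": 25}
INTERFACES = {"bnx0": ["192.0.2.10"]}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}
DEFAULT_RULE = "blacklistd"   # assumed default rule name; blacklistd(8) supplies the real one
LOCATION = re.compile(r"^(?:\[(?P<v6>[^\]]+)\]|(?P<host>[^/:\[\]]+))?"
                      r"(?:/(?P<mask>\d+))?(?::(?P<port>[^:/]+))?$")
# nfail: int, "*" (never block) or "=".  disable: seconds, "*" (forever) or "=".
Rule = namedtuple("Rule", "scope host mask port stype proto owner name nfail disable")

def parse_location(text):
    """Split [<address>|<interface>][/<mask>][:<port>] into (host, mask, port)."""
    m = LOCATION.match(text)
    if not m:
        raise ValueError(f"bad location {text!r}")
    host = m.group("v6") or m.group("host")
    host = None if host == "*" else host              # "*" is the wildcard
    mask = int(m.group("mask")) if m.group("mask") else None
    port = m.group("port")                            # numeric or symbolic port, if any
    port = (int(port) if port.isdigit() else SERVICES[port]) if port else None
    if host is not None:
        try:
            ipaddress.ip_address(host)
        except ValueError:                            # not an address, so an interface name,
            if host not in INTERFACES or mask is not None:   # which may not carry a mask
                raise ValueError(f"bad interface location {text!r}")
    return host, mask, port

def parse_duration(text):
    """'6h' -> 21600 seconds; '*' (forever) and '=' pass through unchanged."""
    if text in ("*", "="):
        return text
    m = re.fullmatch(r"(\d+)([smhd]?)", text)
    if not m:
        raise ValueError(f"bad duration {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def parse_config(text):
    rules, scope = [], "local"                        # entries are local until a stanza switches
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):          # blank lines and "#" comments
            continue
        if line in ("[local]", "[remote]"):
            scope = line[1:-1]
            continue
        f = line.split()
        if len(f) != 7:                               # every entry must have all fields populated
            raise ValueError(f"expected 7 fields: {raw!r}")
        host, mask, port = parse_location(f[0])
        nfail = f[5] if f[5] in ("*", "=") else int(f[5])
        rules.append(Rule(scope, host, mask, port, f[1], f[2], f[3], f[4], nfail,
                          parse_duration(f[6])))
    return rules

def _matches(r, addr, port, stype, proto, owner):
    if r.host in INTERFACES:                          # interface: any of its addresses
        covered = addr in INTERFACES[r.host]
    else:                                             # wildcard, or address with optional prefix
        net = r.host if r.mask is None else f"{r.host}/{r.mask}"
        covered = r.host is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)
    return (covered and r.port in (None, port) and r.stype in ("*", stype)
            and r.proto in ("*", proto) and r.owner in ("*", owner))

def _specificity(r):
    # Assumed "most specific first" ordering: prefix length, then explicit port and owner.
    bits = 0 if r.host is None else r.mask if r.mask is not None else (128 if ":" in r.host else 32)
    return (bits, r.port is not None, r.owner != "*")

def resolve(rules, local_addr, port, stype, proto, owner, remote_addr):
    """Effective (rulename, block_mask, nfail, disable) for one event, or None."""
    local = [r for r in rules if r.scope == "local"
             and _matches(r, local_addr, port, stype, proto, owner)]
    if not local:
        return None
    best = max(local, key=_specificity)
    name, nfail, disable = best.name, best.nfail, best.disable
    remote = [r for r in rules if r.scope == "remote"
              and _matches(r, remote_addr, port, stype, proto, owner)]
    if remote:                                        # "=" keeps the matched local value
        r = max(remote, key=_specificity)
        name, nfail, disable = [old if new == "=" else new for old, new in
                                ((name, r.name), (nfail, r.nfail), (disable, r.disable))]
    rulename, _, block_mask = name.partition("/")     # "/<mask>" blocks the whole subnet
    if rulename in ("", "*"):
        rulename = DEFAULT_RULE
    elif rulename.startswith("-"):                    # "-x" prepends the default rule name
        rulename = DEFAULT_RULE + rulename
    return rulename, int(block_mask) if block_mask else None, nfail, disable

# The page's EXAMPLES entries, reused here as constructed input.
RULES = parse_config("""[local]
bnx0:ssh       *   *   *   *     3  6h
[remote]
1.2.3.4:ssh    *   *   *   *     *  *
8.8.0.0/16:ssh *   *   *   /24   =  =""")
```

With these rules, a failed ssh login on 192.0.2.10 (bnx0) from 8.8.1.5 resolves to the default rule with a /24 block mask, nfail 3 and a 21600-second disable; from 1.2.3.4 it resolves to nfail "*", i.e. never blocked; and from any other source the local values apply unchanged.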

SEE ALSO
       blacklistctl(8), blacklistd(8)

HISTORY
       blacklistd.conf first appeared in NetBSD 7.  FreeBSD support for
       blacklistd.conf was implemented in FreeBSD 11.

AUTHORS
       Christos Zoulas

FreeBSD 14.3                     May 18, 2020               BLACKLISTD.CONF(5)
