BLOCKLISTCTL(8)		    System Manager's Manual	       BLOCKLISTCTL(8)

NAME
       blocklistctl -- display and change the state of the blocklistd database

SYNOPSIS
       blocklistctl dump [-abdnrw] [-D dbname]

DESCRIPTION
       blocklistctl  is	 a program used	to display and change the state	of the
       blocklistd(8) database.	The following sub-commands are supported:

   dump
       The following options are available for the dump	sub-command:

       -a      Show all	database entries; by default only the active ones are
	       shown.  Inactive	 entries will be shown with a last-access (or,
	       with -r,	the remaining) time of `never'.

       -b      Show only the blocked entries.

       -D dbname
	       Specify the location of the blocklistd database	file  to  use.
	       The default is /var/db/blocklistd.db.

       -d      Increase	debugging level.

       -n      Don't display a header.

       -r      Show  the  remaining  blocked time instead of the last activity
	       time.

       -w      Normally	the address column is wide enough for IPv4 addresses;
	       the -w flag makes the display wide enough for IPv6 addresses.

       The  output of the dump sub-command consists of a header	(unless	-n was
       given) and one line for each record in the database,  where  each  line
       has the following columns:

       `rulename'
	       The packet filter rule name associated with the database	entry,
	       usually blocklistd.

       `address/ma:port'
	       The  remote  address, mask, and local port number of the	client
	       connection associated with the database entry.

       `id'    The identifier for the packet filter rule associated with the
	       database entry, though this may only be the word `OK' for
	       packet filters which do not create a unique identifier for
	       each rule.

       `nfail'
	       The number of failures reported for the	client	on  the	 noted
	       port, as	well as	the number of failures allowed before blocking
	       (or, with -a, an	asterisk <*>).

       `last access' | `remaining time'
	       The  last  time the client was	reported as attempting access,
	       or, with	-r, the	time remaining before the  rule	 blocking  the
	       client will be removed.

SEE ALSO
       blocklistd(8)

NOTES
       Sometimes  the reported number of failed	attempts can exceed the	number
       of attempts that	blocklistd(8) is configured to block.  This can	happen
       either because the rule has been	removed	 manually,  or	because	 there
       were  more  attempts  in	 flight	 while the rule	block was being	added.
       This condition is normal; in that case blocklistd(8) will first attempt
       to remove the existing rule, and	then it	will re-add it	to  make  sure
       that there is only one rule active.

HISTORY
       blocklistctl   first   appeared	in  NetBSD  7.	 FreeBSD  support  for
       blocklistctl was	implemented in FreeBSD 11.

AUTHORS
       Christos	Zoulas

FreeBSD	15.0		       October 25, 2025		       BLOCKLISTCTL(8)
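
An added example (not part of the manual page or the blocklistd sources) that reads dump output and reports the entries described under NOTES, where the reported failure count exceeds the configured limit. It assumes whitespace-separated columns in the order listed above and an nfail field printed as count/limit; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the blocklistd sources.
# Assumptions: columns are whitespace-separated in the order the manual
# lists them, and nfail is printed as "count/limit" (limit may be "*").

# over_limit: read header-less dump lines (as from `blocklistctl dump -nw`)
# on stdin and print "address/mask port count limit" for every entry whose
# failure count exceeds its limit, the condition described under NOTES.
over_limit() {
    awk '
    NF >= 4 {
        # Find nfail by shape, not position, so a line parses with or
        # without a leading rulename column. Dates have two slashes and
        # addresses contain dots or colons, so neither can match.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9]+\/([0-9]+|\*)$/) break
        if (i > NF || i < 3) next          # no nfail, or no address before it
        split($i, nf, "/")
        # A "*" limit gives nothing to compare against; skip it.
        if (nf[2] == "*" || nf[1] + 0 <= nf[2] + 0) next
        # address/ma:port sits two columns before nfail. Anchor on the
        # trailing ":port" so IPv6 addresses keep their own colons.
        ap = $(i - 2)
        p = match(ap, /:[0-9]+$/)
        if (p == 0) next
        print substr(ap, 1, p - 1), substr(ap, p + 1), nf[1], nf[2]
    }'
}

# sample_dump: constructed lines in the assumed layout (documentation
# address ranges; timestamps are illustrative).
sample_dump() {
    cat <<'EOF'
blocklistd  192.0.2.10/32:22      OK  3/3  2025/10/25 09:14:02
blocklistd  198.51.100.7/32:22    OK  5/3  2025/10/25 09:15:40
blocklistd  2001:db8::1/128:22    OK  4/3  2025/10/25 09:16:11
blocklistd  203.0.113.9/32:25     OK  1/*  never
EOF
}

sample_dump | over_limit
```

An entry reported here is not by itself a fault: as NOTES explains, it can mean the rule was removed manually or that attempts were in flight while the rule was being added.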
