blocklistctl — display and change the state of the blocklistd database
blocklistctl dump [-abdnrw]
blocklistctl is a program used to display and change the state of the blocklistd(8) database. The following sub-commands are supported:
The following options are available for the dump sub-command:

-a
    Show all database entries; by default only the active ones are shown. Inactive entries will be shown with a last-access (or, with -r, the remaining) time of ‘never’.
-b
    Show only the blocked entries.
-d
    Increase debugging level.
-n
    Don't display a header.
-r
    Show the remaining blocked time instead of the last activity time.
-w
    Normally the address column is wide enough for IPv4 addresses; the -w flag makes the display wide enough for IPv6 addresses.
The output of the dump sub-command consists of a header (unless -n was given) and one line for each record in the database, where each line has the following columns:
‘address/ma:port’
    The remote address, mask, and local port number of the client connection associated with the database entry.
‘id’
    The identifier for the packet filter rule associated with the database entry, though this may only be the word ‘OK’ for packet filters which do not create a unique identifier for each rule.
‘nfail’
    The number of failures reported for the client on the noted port, as well as the number of failures allowed before blocking (or, with -a, an asterisk ⟨*⟩).
‘last access’ | ‘remaining time’
    The last time the client was reported as attempting access, or, with -r, the time remaining before the rule blocking the client will be removed.
Sometimes the reported number of failed attempts can exceed the number of attempts that blocklistd(8) is configured to block. This can happen either because the rule has been removed manually, or because there were more attempts in flight while the rule block was being added. This condition is normal; in that case blocklistd(8) will first attempt to remove the existing rule, and then it will re-add it to make sure that there is only one rule active.
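To pick out the over-limit records described above, the following added example (not part of the original manual or of the blocklistd sources) filters dump output for rows whose failure count exceeds the allowed number. It assumes the nfail column is printed as count/limit with `*` in place of the limit; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: filter `blocklistctl dump` output for over-limit records.
# Assumption (not stated on the page): nfail is printed as "count/limit",
# with "*" standing in for the limit on some rows.

# over_limit: read dump lines on stdin and print "address count limit" for
# every record whose failure count is greater than the allowed number.
over_limit() {
    awk '
    {
        col = 0
        # Find nfail by its shape, so an empty id column or a wide (-w)
        # address column does not shift the parse.
        for (i = 2; i <= NF; i++)
            if ($i ~ /^[0-9]+\/([0-9]+|\*)$/) { col = i; break }
        if (col == 0) next          # header line or unrecognized row
        split($col, p, "/")
        if (p[2] == "*") next       # no numeric limit to compare against
        if (p[1] + 0 > p[2] + 0) print $1, p[1], p[2]
    }'
}

# Constructed sample input using documentation address ranges; this is not
# captured output from a real system.
sample_dump() {
    cat <<'EOF'
        address/ma:port   id   nfail   last access
    192.0.2.10/32:22      OK   3/3     2024/05/01 10:15:02
  198.51.100.7/32:22      OK   5/3     2024/05/01 10:15:40
   203.0.113.9/32:22           1/*     never
 2001:db8::5/128:22       OK   4/3     2024/05/01 10:16:11
EOF
}

# Run on the sample: lists the two records that exceed their limit.
sample_dump | over_limit
```

On a live host the same filter can be fed from `blocklistctl dump -an`, with -w added when IPv6 clients are expected.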
blocklistctl first appeared in NetBSD 7. FreeBSD support for blocklistctl was implemented in FreeBSD 11.