blacklistd(8) - entries don't removed

Anton Yuzhaninov citrin+bsd at
Tue Dec 20 16:16:40 UTC 2016

On 12/04/16 19:53, Ernie Luzar wrote:
> Anton Yuzhaninov wrote:
>> I started to use blacklistd(8) to protect sshd from bruteforce.
>> Entries are added to ipfw table via controlprog but never removed.
>> Blocked hosts after some time are removed from state database but even in
>> blacklistd -C /usr/local/libexec/blacklistd-helper -r -d -v
>> I see no attempts to run blacklistd-helper rem

It turned out, that blacklistd expects string OK from blacklistd-helper 

echo 'OK'
in script is workaround working for me.

Some time ago this was committed to head:

This behavior of blacklistd is unexpected and undocumented in man though.

> Seems your the first person to use this new function in 11.0. Read its
> man page for email of person who ported this from openbsd and contact
> him directly.

It was ported from NetBSD and in NetBSD 7.0.2 blacklistd has the same 
problem - script should print 'OK' string.

I don't like this, but it seems to be not a bug, but a bad designed feature.

More information about the freebsd-questions mailing list