Lines Matching +full:ports +full:- +full:block +full:- +full:group +full:- +full:count

5 closing ports dynamically based on policy.
7 The interface to the packet filter is in libexec/blacklistd-helper
20     - OpenSSH: diff/ssh.diff [tcp socket example]
21     - Bind: diff/named.diff [both tcp and udp]
22     - ftpd: diff/ftpd.diff [tcp]
24 These patches have been applied to NetBSD-current.
34 	action = 0 -> successful login clear blacklist state
35 		 1 -> failed login, add to the failed count
36 	acceptedfd -> the file descriptor where the server is
44 	message    -> an optional string that is used in debugging logs.
57 192.168.1.1:ssh	stream	tcp		*	-int	10	1m
58 8.8.8.8:ssh	stream	tcp		*	-ext	6	60m
69 will let us have 2 connections before blocking. Finally we block
70 for an hour; we could block forever too by specifying * in the
77 npf too for example), you can use -f. To watch the daemon at work,
78 you can use -d.
82 /etc/npf.conf on the group referring to the interface you want to block
88 group "external" on $ext_if {
90         ruleset "blacklistd-ext" 
95 group "internal" on $int_if {
97         ruleset "blacklistd-int" 
101 You can use 'blacklistctl dump -a' to list all the current entries