1.\" $NetBSD: blocklistctl.8,v 1.4 2025/02/07 01:35:38 kre Exp $ 2.\" 3.\" Copyright (c) 2015 The NetBSD Foundation, Inc. 4.\" All rights reserved. 5.\" 6.\" This code is derived from software contributed to The NetBSD Foundation 7.\" by Christos Zoulas. 8.\" 9.\" Redistribution and use in source and binary forms, with or without 10.\" modification, are permitted provided that the following conditions 11.\" are met: 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in the 16.\" documentation and/or other materials provided with the distribution. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 19.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 20.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 21.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 22.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28.\" POSSIBILITY OF SUCH DAMAGE. 29.\" 30.Dd January 27, 2025 31.Dt BLOCKLISTCTL 8 32.Os 33.Sh NAME 34.Nm blocklistctl 35.Nd display and change the state of the blocklistd database 36.Sh SYNOPSIS 37.Nm 38.Cm dump 39.Op Fl abdnrw 40.Op Fl D Ar dbname 41.Sh DESCRIPTION 42.Nm 43is a program used to display and change the state of the 44.Xr blocklistd 8 45database. 46The following sub-commands are supported: 47.Ss dump 48.Pp 49The following options are available for the 50.Cm dump 51sub-command: 52.Bl -tag -width indent 53.It Fl a 54Show all database entries, by default it shows only the active ones. 55Inactive entries will be shown with a last-access (or, with 56.Fl r , 57the remaining) time of 58.Ql never . 59.It Fl b 60Show only the blocked entries. 61.It Fl D Ar dbname 62Specify the location of the 63.Ic blocklistd 64database file to use. 65The default is 66.Pa /var/db/blocklistd.db . 67.It Fl d 68Increase debugging level. 69.It Fl n 70Don't display a header. 71.It Fl r 72Show the remaining blocked time instead of the last activity time. 73.It Fl w 74Normally the width of addresses is good for IPv4, the 75.Fl w 76flag, makes the display wide enough for IPv6 addresses. 77.El 78.Pp 79The output of the 80.Cm dump 81sub-command consists of a header (unless 82.Fl n 83was given) and one line for each record in the database, where each line 84has the following columns: 85.Bl -tag -width indent 86.It Ql address/ma:port 87The remote address, mask, and local port number of the client connection 88associated with the database entry. 89.It Ql id 90column will show the identifier for the packet filter rule associated 91with the database entry, though this may only be the word 92.Ql OK 93for packet filters which do not creat a unique identifier for each rule. 94.It Ql nfail 95The number of 96.Em failures 97reported for the client on the noted port, as well as the number of 98failures allowed before blocking (or, with 99.Fl a , 100an asterisk 101.Aq * ) 102.It So last access Sc | So remaining time Sc 103The last time a the client was reported as attempting access, or, with 104.Fl r , 105the time remaining before the rule blocking the client will be removed. 106.El 107.Sh SEE ALSO 108.Xr blocklistd 8 109.Sh NOTES 110Sometimes the reported number of failed attempts can exceed the number 111of attempts that 112.Xr blocklistd 8 113is configured to block. 114This can happen either because the rule has been removed manually, or 115because there were more attempts in flight while the rule block was being 116added. 117This condition is normal; in that case 118.Xr blocklistd 8 119will first attempt to remove the existing rule, and then it will re-add 120it to make sure that there is only one rule active. 121.Sh HISTORY 122.Nm 123first appeared in 124.Nx 7 . 125.Fx 126support for 127.Nm 128was implemented in 129.Fx 11 . 130.Sh AUTHORS 131.An Christos Zoulas 132