# blacklistd - never?



## cbrace (Mar 27, 2021)

Hi all,

I recently started using blacklistd; I have it set up to listen on ports 22 and 25. Looking at its output, I see some entries marked "never". Does this mean they will never be blocked or never unblocked? I don't understand what's going on here. I have a few IP numbers whitelisted (ie, home broadband point), but only single ones, nothing like a *5.188.206.** range. Any ideas?


```
$ sudo blacklistctl dump -a|grep never
   5.188.206.98/32:22        2/*    never
   5.188.206.99/32:22        2/*    never
   5.101.99.198/32:22        1/*    never
  5.188.206.100/32:22        2/*    never
  5.188.206.101/32:22        2/*    never
  5.188.206.102/32:22        2/*    never
   5.188.206.54/32:22        2/*    never
```


----------



## SirDice (Mar 27, 2021)

What's in /etc/blacklistd.conf?


----------



## ShelLuser (Mar 27, 2021)

cbrace said:


> I recently started using blacklistd; I have it set up to listen on ports 22 and 25.


No you don't.

Blacklist doesn't listen on ports. It only gets informed about login issues from those processes that do. When a threshold has been reached then it will take according action (as configured).

Also, the output from blacklistctl already tells you what each entry means:

```
peter@vps:/opt# blacklistctl dump -a
        address/ma:port id      nfail   last access
```

It seems to me as if you don't fully understand what the blacklist daemon actually does.


----------



## cbrace (Mar 27, 2021)

SirDice said:


> What's in /etc/blacklistd.conf?




```
$ less /etc/blacklistd.conf
# $FreeBSD: releng/12.2/usr.sbin/blacklistd/blacklistd.conf 336977 2018-07-31 16:39:38Z brd $
#
# Blacklist rule
# adr/mask:port type    proto   owner           name    nfail   disable
[local]
ssh             stream  *       *               *       3       24h
ftp             stream  *       *               *       3       24h
smtp            stream  *       *               *       3       24h
submission      stream  *       *               *       3       24h
#6161           stream  tcp6    christos        *       2       10m
*               *       *       *               *       3       60

# adr/mask:port type    proto   owner           name    nfail   disable
[remote]
#129.168.0.0/16 *       *       *               =       *       *
77.168.200.75   *       *       *               =       *       *
149.210.189.222 *       *       *               =       *       *
5.2.74.159              *       *       *               =       *       *
5.2.72.89               *       *       *               =       *       *
#6161           =       =       =               =/24    =       =
#*              stream  tcp     *               =       =       =
```


----------



## cbrace (Mar 27, 2021)

ShelLuser said:


> Blacklist doesn't listen on ports.



Right, sorry, figure of speech.


----------

