From owner-freebsd-questions@freebsd.org  Wed Nov 15 16:02:40 2017
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5407EDE0F93
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Wed, 15 Nov 2017 16:02:40 +0000 (UTC)
 (envelope-from lidl@FreeBSD.org)
Received: from hydra.pix.net (hydra.pix.net [IPv6:2001:470:e254::4])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mail.pix.net", Issuer "Pix.Com Technologies LLC CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id F26E17074F
 for <freebsd-questions@freebsd.org>; Wed, 15 Nov 2017 16:02:39 +0000 (UTC)
 (envelope-from lidl@FreeBSD.org)
Received: from torb.pix.net ([IPv6:2001:470:e254:11:ac3b:829b:fc19:b4dc])
 (authenticated bits=0)
 by hydra.pix.net (8.15.2/8.15.2) with ESMTPA id vAFG2UQ6075350;
 Wed, 15 Nov 2017 11:02:37 -0500 (EST)
 (envelope-from lidl@FreeBSD.org)
X-Authentication-Warning: hydra.pix.net: Host
 [IPv6:2001:470:e254:11:ac3b:829b:fc19:b4dc] claimed to be torb.pix.net
Reply-To: lidl@FreeBSD.org
Subject: Re: How to setup IPFW working with blacklistd
To: Cos Chan <rosettas@gmail.com>, Ian Smith <smithi@nimnet.asn.au>
Cc: freebsd-questions <freebsd-questions@freebsd.org>,
 Michael Ross <gmx@ross.cx>
References: <mailman.87.1509969603.28633.freebsd-questions@freebsd.org>
 <20171106235944.U9710@sola.nimnet.asn.au>
 <CAKV+xLCizjt5M+mJmTZj-cr=D6rhXRwDjCkE=6Q-VQX73iY+4A@mail.gmail.com>
 <20171107033226.M9710@sola.nimnet.asn.au>
 <CAKV+xLBWgU6zmc7tQNA=0+=2aF23C1QfJ2i3q1gKYDttwsCTkg@mail.gmail.com>
 <20171107162914.G9710@sola.nimnet.asn.au>
 <CAKV+xLDQQcG3bvo1b2nUAu7oOVhdNzDDrPWTVp2qOmkWVV89BQ@mail.gmail.com>
 <20171108012948.A9710@sola.nimnet.asn.au>
 <CAKV+xLCQ9NE6+Eg6NvHZuEED8Cf6ZX74unvk9ajfLyG-yA2rXA@mail.gmail.com>
 <CAKV+xLAkfiQCLXfgZOtQGUXOW8gYN7sjOD5uWezv-N+TBjybMQ@mail.gmail.com>
 <20171111213759.I72828@sola.nimnet.asn.au>
 <CAKV+xLDicLze3Dvd2i7HGWJUxCdSLjvhuWWZUJ65pMi+x483=A@mail.gmail.com>
 <CAKV+xLAt4Ciqmg2w1iJK42jq6f+numASKMQ=UL6dT+CdGYujVQ@mail.gmail.com>
 <CAKV+xLD_KE938JnmjDE=CmfZ7bOJ1CaqvWuQ+0jDzQNWM+6yLg@mail.gmail.com>
 <20171115192830.R72828@sola.nimnet.asn.au>
 <CAKV+xLB99A8RxyWh5vCnGweOXrCjmPw5r34-tXj=hhJkKcz1=w@mail.gmail.com>
From: Kurt Lidl <lidl@FreeBSD.org>
Message-ID: <e2fdef2f-b1d9-00e6-6ea9-0f1b8d4217ed@FreeBSD.org>
Date: Wed, 15 Nov 2017 11:02:30 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0)
 Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <CAKV+xLB99A8RxyWh5vCnGweOXrCjmPw5r34-tXj=hhJkKcz1=w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 16:02:40 -0000

On 11/15/17 6:46 AM, Cos Chan wrote:

> blacklistd.log:
> Nov 15 12:13:42 res blacklistd[22100]: blocked 132.148.128.234/32:22 
> <http://132.148.128.234/32:22> for -1 seconds
> Nov 15 12:15:40 res blacklistd[22100]: rule exists OK
> Nov 15 12:15:40 res blacklistd[22100]: blocked 132.148.128.234/32:22 
> <http://132.148.128.234/32:22> for -1 seconds

The "-1 seconds" looks fishy to me.

What is the /etc/blacklistd.conf on this machine?

-Kurt