Blacklistd Issues

From: Doug Hardie <bc979_at_lafn.org>
Date: Mon, 17 Apr 2023 20:38:35 UTC
I have been implementing blacklistd.  It works fine with postfix and my web server.  However, sshd is not working.  I have enabled the UseBlacklistd configuration line.  However, no amount of invalid id/passwords generate an entry in either blacklistd or pf.  Running ktrace with invalid web requests on blacklistd shows that it obtains the endpoints properly and calls the helper to do the work.  However, when sending invalid id/passwords via ssh, blacklistd does receive the proper packets from sshd and it obtains the endpoints, but just ends.  It never calls the helper.  I have the entry in blacklistd.conf for that port, and blacklistd has been restarted many times.  Any ideas what I need to do to get blacklistd to record the calls.  There is no table in pf for that port.  However, it appears there needs to be at least one call to make the table appear.

-- Doug