Felix Hanley

FreeBSD blocklistd

2025-09-05 freebsd pf

blocklistd(8) is part of the FreeBSD base system; on pkgbase installs it ships as the FreeBSD-blocklist package. It only acts on failures that blocklist-aware daemons report to it, so sshd needs UseBlocklist set to yes in /etc/ssh/sshd_config (older releases spell the option UseBlacklist) before any of the rules below do anything.

Enable in /etc/rc.conf:

blocklistd_enable="YES"
# -r: re-read the database on startup and re-apply the blocks still in force,
# so existing blocks survive a daemon restart or a reboot
blocklistd_flags="-r"

Configure in /etc/blocklistd.conf. Rules are matched in order and the first match is used; nfail is the number of failed attempts before the source address is blocked, and the last column is how long the block lasts (seconds, or with an m/h/d suffix). The [remote] section overrides the [local] match for particular source addresses, and an nfail of "*" there means never block, which is what turns an entry into an allow-list:

# adr/mask:port type    proto   owner           name    nfail   duration
[local]
# the port may be a service name from /etc/services or a number
ssh             stream  *       *               *       3       24h
ftp             stream  *       *               *       3       24h
smtp            stream  *       *               *       3       24h
submission      stream  *       *               *       3       24h
# catch-all for any other reporting service: 3 failures, 60 second block
*               *       *       *               *       3       60

# adr/mask:port type    proto   owner           name    nfail   duration
[remote]
# allow-list: never block this address on ssh, whatever [local] says
some.ip.you.like:ssh    *       *       *               *       *       *

Load the anchor in /etc/pf.conf. blocklistd's pf helper installs its address tables and "block in quick" rules under anchors named blocklistd/<interface>, so the anchor rule has to be evaluated before the quick pass rules for the services it protects; put it after the SSH pass rule instead and that pass matches first, and blocked hosts keep getting through:

ext_if="vtnet0"

set skip on lo
scrub in all
antispoof for lo label "Antispoof"

# ...

block in log on $ext_if all label "Block all"

# blocklistd's per-interface anchors; must precede the quick pass rules below
anchor "blocklistd/*" in on $ext_if

pass in quick on $ext_if inet proto tcp to port ssh label "SSH"
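An added example, not part of the original post or of the blocklistd project: a small POSIX sh script that checks a pf.conf for the ordering mistake described above (the anchor "blocklistd/*" rule landing after an inbound quick pass rule). It runs on two constructed pf.conf fragments, one in the order shown on this page and one with the anchor moved below the SSH pass rule; nothing in it depends on pf being present, so it runs anywhere.

```shell
#!/bin/sh
# Added example, not from the original post or the blocklistd project:
# lint a pf.conf so the blocklistd anchor is evaluated before any inbound
# "quick" pass rule. The helper installs "block in quick" rules inside
# anchors named blocklistd/<interface>; an earlier "pass in quick" for the
# service ends rule evaluation before that anchor is reached, so the blocks
# never apply.
set -eu

# check_anchor_order FILE
# Exit 0 (and print OK) when the anchor "blocklistd/*" rule appears before
# every inbound pass rule carrying "quick"; exit 1 (and print FAIL) otherwise.
# Comments are stripped first; "pass out" rules are ignored because the
# anchor only covers inbound traffic.
check_anchor_order() {
    file=$1
    awk '
        { sub(/#.*/, "") }
        !anchor && /^[ \t]*anchor[ \t]+"blocklistd\/\*"/ { anchor = NR }
        !anchor && /^[ \t]*pass[ \t]/ && !/^[ \t]*pass[ \t]+out[ \t]/ && /[ \t]quick([ \t]|$)/ { bad = NR; exit }
        END {
            if (bad) {
                printf "FAIL: quick pass rule at line %d is evaluated before the blocklistd anchor\n", bad
                exit 1
            }
            if (!anchor) {
                print "FAIL: no anchor \"blocklistd/*\" rule found"
                exit 1
            }
            printf "OK: blocklistd anchor at line %d precedes every inbound quick pass rule\n", anchor
        }' "$file"
}

# Two constructed pf.conf fragments (sample input, not a real host's config):
# GOOD_CONF follows the order shown above; BAD_CONF has the anchor after the
# SSH pass rule, which is the mistake the check is meant to catch.
GOOD_CONF=$(mktemp "${TMPDIR:-/tmp}/pfconf-good.XXXXXX")
BAD_CONF=$(mktemp "${TMPDIR:-/tmp}/pfconf-bad.XXXXXX")
trap 'rm -f "$GOOD_CONF" "$BAD_CONF"' EXIT

cat > "$GOOD_CONF" <<'EOF'
ext_if="vtnet0"
set skip on lo
scrub in all
block in log on $ext_if all label "Block all"
anchor "blocklistd/*" in on $ext_if
pass in quick on $ext_if inet proto tcp to port ssh label "SSH"
EOF

cat > "$BAD_CONF" <<'EOF'
ext_if="vtnet0"
block in log on $ext_if all label "Block all"
pass in quick on $ext_if inet proto tcp to port ssh label "SSH"  # reached first: blocks never apply
anchor "blocklistd/*" in on $ext_if
EOF

check_anchor_order "$GOOD_CONF"      # OK: blocklistd anchor at line 5 precedes every inbound quick pass rule
check_anchor_order "$BAD_CONF" || :  # FAIL: quick pass rule at line 3 is evaluated before the blocklistd anchor
```

Run it as `sh check-anchor-order.sh`, or call check_anchor_order /etc/pf.conf on the live file after editing. Once blocklistd is running, `blocklistctl dump -a` lists the addresses it is tracking and their failure counts, and `pfctl -a "blocklistd/vtnet0" -sr` shows the rules the helper has installed for vtnet0 (the anchor name is the interface name, which is why the pf.conf rule uses the blocklistd/* wildcard).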