Updated: 2025/Nov/16



BLOCKLISTCTL(8)             System Manager's Manual            BLOCKLISTCTL(8)

NAME
     blocklistctl - display and change the state of the blocklistd database

SYNOPSIS
     blocklistctl dump [-abdnrw] [-D dbname]

DESCRIPTION
     blocklistctl is a program used to display and change the state of the
     blocklistd(8) database.  The following sub-commands are supported:

   dump
     The following options are available for the dump sub-command:

     -a      Show all database entries; by default only the active ones are
             shown.  Inactive entries will be shown with a last-access (or,
             with -r, the remaining) time of `never'.

     -b      Show only the blocked entries.

     -D dbname
             Specify the location of the blocklistd database file to use.  The
             default is /var/db/blocklistd.db.

     -d      Increase debugging level.

     -n      Don't display a header.

     -r      Show the remaining blocked time instead of the last activity
             time.

     -w      Normally the address column is only wide enough for IPv4
             addresses; the -w flag makes the display wide enough for IPv6
             addresses.

     The output of the dump sub-command consists of a header (unless -n was
     given) and one line for each record in the database, where each line has
     the following columns:

     `rulename'
             The packet filter rule name associated with the database entry,
             usually blocklistd.

     `address/ma:port'
             The remote address, mask, and local port number of the client
             connection associated with the database entry.

     `id'    The identifier for the packet filter rule associated with the
             database entry, though this may only be the word `OK' for packet
             filters which do not create a unique identifier for each rule.

     `nfail'
             The number of failures reported for the client on the noted port,
             as well as the number of failures allowed before blocking (or,
             with -a, an asterisk <*>).

     `last access' | `remaining time'
             The last time the client was reported as attempting access, or,
             with -r, the time remaining before the rule blocking the client
             will be removed.

SEE ALSO
     blocklistd(8)

NOTES
     Sometimes the reported number of failed attempts can exceed the number of
     attempts that blocklistd(8) is configured to block.  This can happen
     either because the rule has been removed manually, or because there were
     more attempts in flight while the rule block was being added.  This
     condition is normal; in that case blocklistd(8) will first attempt to
     remove the existing rule, and then it will re-add it to make sure that
     there is only one rule active.
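
     The following is an added example, not part of the original manual or
     of the blocklistd sources: a shell filter that reads dump output and
     lists the records whose failure count exceeds the allowed number (the
     condition described above).  It assumes whitespace-separated fields in
     the column order listed under DESCRIPTION; the function names and the
     sample lines, including the `1/*' form of nfail, are constructed.

```shell
# Print "rulename address mask port failures limit" for every record read
# on stdin whose failure count is higher than its limit.
over_limit() {
    awk '
    $1 == "rulename" { next }   # header line (absent when -n was given)
    NF < 4 { next }             # not a complete record
    {
        # Field 2 is address/mask:port. IPv6 addresses contain colons,
        # so cut the port at the LAST colon and the mask at the LAST slash.
        spec = $2
        c = match(spec, ":[0-9]+$")
        if (c == 0) next
        port = substr(spec, c + 1)
        spec = substr(spec, 1, c - 1)
        s = match(spec, "/[0-9]+$")
        if (s == 0) next
        mask = substr(spec, s + 1)
        addr = substr(spec, 1, s - 1)

        # Field 4 is failures/limit; an asterisk limit cannot be compared.
        n = split($4, f, "/")
        if (n != 2 || f[2] == "*") next
        if (f[1] + 0 > f[2] + 0)
            printf "%s %s %s %s %s %s\n", $1, addr, mask, port, f[1], f[2]
    }'
}

# Constructed sample input using documentation address ranges.
sample_dump() {
    cat <<'EOF'
rulename    address/ma:port       id  nfail  last access
blocklistd  192.0.2.10/32:22      OK  3/3    2025/10/25 10:01:07
blocklistd  198.51.100.7/32:22    OK  5/3    2025/10/25 10:02:41
blocklistd  2001:db8::5/128:22    OK  4/3    2025/10/25 10:03:12
blocklistd  203.0.113.9/32:25     OK  1/*    never
EOF
}

sample_dump | over_limit
```

     On a live system the input would come from `blocklistctl dump'
     instead of sample_dump.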

HISTORY
     blocklistctl first appeared in NetBSD 7.  FreeBSD support for
     blocklistctl was implemented in FreeBSD 11.

AUTHORS
     Christos Zoulas

NetBSD 11.99                   October 25, 2025                   NetBSD 11.99