Provided by: bld_0.3.4.1-4build1_amd64 bug


       bld - A black list daemon


       bld -h | [option]


       -v     Output version information and exit

       -n     Do not fork to become a daemon

       -a address
              Address to bind to

       -p port
              Port to listen to

       -l number
              Log verbosity (between 0 and 3)

       -t number
              Minimum time interval before blacklisting

       -m number
              Maximum submissions in time interval

       -i number
              IP list size

       -b number
              Blacklist size

       -e number
              Blacklist expiration

       -P filename
              Filename where to save PID

       -T number
              Timeout for client connections

       -u user
              User to run as

       -g group
              Group to run as

       -f filename
              Use a specific configuration file

       -A filename
              Filename where to find ACLs

       -W filename
              Filename where to find whitelist

       -B filename
              Filename where to store blacklist

       -I filename
              Filename where to store whole IP list


       By  default,  the  bld  daemon  listens  to requests on port 2905.  Requests are either IP
       addresses submissions or checks against the black list.

       bld uses a very simple algorithm to decide whether to add IP addresses to the blacklist or
       not.  The  first  time  an IP address is submitted, it is added to an internal list with a
       timestamp and all further requests increment a counter  for  this  IP.   As  soon  as  the
       minimum time interval is elapsed (default: 30 seconds), and if a maximum requests ratio is
       reached (default: 10 submissions in the 30  seconds  interval),  the  IP  is  put  in  the
       blacklist.  It is then blacklisted for a configurable time (default: 900 seconds).


       Requests  sent  to bld are rather simple.  Each request or reply is followed by a linefeed
       and a carriage return.  A client may only send one request per TCP session.   As  of  now,
       two commands may be used: ip (address submission) and ip? (ask if address is blacklisted).

       ip=a.b.c.d  submits  an IP address.  The server acknowledges either with a 200 code if the
       address is not blacklisted or a 421 if it is.

       ipdecr=a.b.c.d decrements the internal counter for an IP address.  The  lowest  value  for
       the counter is zero.  The server always acknowledges with a 200 code.

       ip?=a.b.c.d  asks  if address is blacklisted.  The server reply may be 421 if it is or 200
       if it's not.

       ipbl=a.b.c.d forces the insertion in the blacklist.  The server acknowledges  with  a  200

       If  using  IP  based restrictions, the server reply may be 600 if the client is not in the
       correct ACL to perform a request.  Any other error will generate a reply with a 500  error


       bld  binds to localhost by default and accepts any local request, so please make sure that
       only trusted users can establish a connection  to  the  daemon.   Please  check  that  all
       authorized  hosts  meet  the  minimal security requirements before changing this parameter
       even if using an access control list (see bld_acl.conf(5)).

       bld will log some statistics if it receives the SIGUSR1 signal.  SIGUSR2 is used to  force
       a dump of both lists in bld working directory.


       /etc/bld/bld.conf  /etc/bld/bld_acl.conf  /etc/bld/bld_whitelist.conf /var/run/bld/
       /var/run/bld/bld_iplist.dump /var/run/bld/bld_blacklist.dump


       bld.conf(5)  bld_acl.conf(5)  bld_whitelist.conf(5)  bldread(8)  bldquery(8)  bldsubmit(8)


       Olivier Beyssac <>

                                           August 2004                                     BLD(8)