I'm going to sort of direct this to all three of you so I don't repeat
myself, please ignore whatever doesn't apply to you.

 NB> If Mystic is sending the text, shouldn't binkd log it? I mean, unless

I have nothing to do with binkd so I have no idea what it does. :)

I would think it doesn't log anything except that the connection was lost
because that is what happens.  It connects and the connection is terminated by
the server before anything related to BINKP happens because the IP is blocked.

 NB> Or is this something only visable on the Mystic side?

Mystic prints "BLOCKED" and disconnects by default.  It can also replace that
text with a .txt file which means the SysOp can display more (or nothing) if
they want to.  I don't like this feature personally, but some SysOps requested
a way to print something to the client connection before the connection is
refused.

It may be that the text never makes it to binkd, or the Sysop doesn't send
anything, or that it just doesn't do anything with it.

PART 2: As far as server interaction, mentioned by some... :)

I think there may be a fundamental misunderstanding of how blocking works. This
is a "software firewall" that sits between a connection and the servers.  It
enforces IP blocking, blacklist DNS, blocking by country, auto IP banning
rules, etc.  A blocked IP never makes it to the BINKP (or any other) server for
any sort of interaction nor should it under any circumstance.

The point of a firewall is to prevent an IP from interacting with your system
or server, and Mystic doesn't and isn't going to give a blocked IP an
opportunity to send any data to any of its servers.  If a firewall let a
blocked IP access your system, then the firewall would be broken right?

What if there was a BINKP handshake bug that caused your system to drop to a
bash shell, and even though you blocked their IP, that person was still able to
connect and continually exploit your system...

This would only be possible if the firewall let a blocked IP in long enough to
see if it tries to do a BINKP handshake. And why? So it can print a pretty
little message to a client IP that you've already banned for trying to hack
your system?  No way.

Allowing something like that just doesn't make sense, and it negates the
entire purpose of having the software-based network security features.

Anyway, I don't want to spend a lot of time discussing this stuff when I
could be actually getting stuff done! :)

--- Mystic BBS v1.12 A35 (Windows/32)