> > I use PortSentry which works great, and helps to keep out
> > the little buggers.  Problem is that sometimes that bugger
> > is me coming in from a new machine to test with. Once I do,
> > that machine is now banned via
> >     /sbin/route add -host 1.2.3.4 reject
> >
> > How do I un-do the route command to allow access again ?
> >
> > The man page says to use 'route del -host 1.2.3.4', but
> > that won't work "SIOCDELRT: No such process".
> > I know that restarting portsentry will flush out the files and
> > that rebooting will then clear up *all* blocks.
> > And obviously not what I want to do on a production server.
> > I've had to manually create a banned file that does all the
> > route commands after portsentry is restarted.
> > What else, besides manually adding these hosts to rc.firewall ?
> >
> > BTW, I also recommend LogCheck at http://www.psionic.com
>
> In the directory where PortSentry is installed is a file called
> portsentry.ignore.  Add the IPs you want ignored to this file, remove or
> uncomment IP in /etc/hosts.deny and ipchains -D input -s $TARGET$ -j DENY -l
> Kill and restart PortSentry!

Thanks, that's a better solution.  So given this, is it correct to say that I
no longer need to have
    KILL_HOSTS_DENY="ALL: $TARGET$ : DENY"
since it should never get that far when blocked by ipchains?

That ipchain rule is also nice to stop the cable @home service from 
"checking" my system.  I don't need them to see port 80 (http - web),
although I have caught them scanning port 119 (nntp - news server)  :)

Thanks... Dan.
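
The unblock steps discussed in this thread, collected into a shell helper as an added example (not from any of the posters or from PortSentry itself): it edits the ignore and hosts.deny files and prints the route and ipchains commands instead of running them. The function names and file arguments are assumptions; the trailing `reject` on `route del` is there because a reject route is deleted with the same flag it was added with.

```shell
#!/bin/sh
# Added example: undo a PortSentry block for one IP address.
# Function names and argument order are assumptions for illustration.

# unban_files IP IGNORE_FILE DENY_FILE
# Adds IP to the ignore file (only once) and removes only the exact
# "ALL: IP : DENY" line written by KILL_HOSTS_DENY from the deny file.
unban_files() {
    ip=$1; ignore=$2; deny=$3

    # Refuse anything that is not a dotted quad before it reaches a file.
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "bad IP: $ip" >&2
        return 2
    }

    # Whole-line fixed-string match, so the step is idempotent.
    grep -qxF "$ip" "$ignore" 2>/dev/null || echo "$ip" >> "$ignore"

    # -x -F matches the full line literally: unbanning 1.2.3.4 must not
    # also remove the entry for 1.2.3.40. grep exits 1 when the result
    # is empty, which is not an error here.
    tmp=$(mktemp) || return 1
    grep -vxF "ALL: $ip : DENY" "$deny" > "$tmp" || [ $? -eq 1 ] || {
        rm -f "$tmp"
        return 1
    }
    cat "$tmp" > "$deny"    # keeps the deny file's owner and mode
    rm -f "$tmp"
}

# unban_commands IP
# Prints the kernel-side cleanup for review; run the lines by hand as root.
unban_commands() {
    echo "/sbin/route del -host $1 reject"
    echo "ipchains -D input -s $1 -j DENY -l"
}

# Usage: sh unban.sh IP /path/to/portsentry.ignore /etc/hosts.deny
if [ $# -eq 3 ]; then
    unban_files "$1" "$2" "$3" && unban_commands "$1"
fi
```

Only the command that matches the KILL_ROUTE setting actually in use will find something to delete; PortSentry still has to be restarted afterwards, as the reply above says.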

