I'm not sure if this would be possible but: Wouldn't it be possible to do a reverse lookup on all blocked IPs (via a script) when they are blocked, add it to a file, and then every few hours do another lookup to see if the FQDN associated with the IP has changed - (if it has then remove it from list)? This does of course assume that the FQDN associated with a dynamic IP changes when the lease does.
S >From: KP Kirchdörfer <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: Victor McAllister <[EMAIL PROTECTED]>, [EMAIL PROTECTED] >Subject: Re: [Leaf-user] Changes for new Dachstein release >Date: Thu, 11 Apr 2002 19:12:54 +0200 > >Am Donnerstag, 11. April 2002 07:46 schrieb Victor McAllister: > > My wish list of programs to be included on the next DCD version > > include xntp.lrp and psentry.lrp both from > > http://leaf.sourceforge.net/devel/ddouthitt/packages/ > >I've built a dachstein 1.0.2 based CD with glibc 2.1.3. Among other >enhancements you'll find xntp on the CD. > >I thought about portsentry as well, but found it's not a good idea to >block ports based on ip-addresses. > >Currently in Germany the most affordable flatrate with DSL is bound >to dynmic ip-adresses (changing a least once a day). If someone today >portsscan your net with an dynamic address, I might be blocked in the >future for no other reason than unfortunately getting this >ip-address. Given the long uptimes of leaf routers chances are good, >that portsentry blocks more innocent users with dynamic addresses, >than real portscanners. Now I could live a day without accessing your >net, but what bothered me is administration of a net using >portsentry. I hear all those yelling, that services have been >inaccessible for the last day and you find everything is working ok >now. >Please correct me, if I understood portsentry wrong; I'm willing to >add it as soon as possible, if it's handling dynamic addresses >without problems. > >kp > >_______________________________________________ >Leaf-user mailing list >[EMAIL PROTECTED] >https://lists.sourceforge.net/lists/listinfo/leaf-user _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
