Hi all

> Wouldn't it be possible to do a reverse lookup on all blocked IPs (via a
> script) when they are blocked, add it to a file, and then every few hours do
> another lookup to see if the FQDN associated with the IP has changed (if
> it has, then remove it from the list)? This does of course assume that the
> FQDN associated with a dynamic IP changes when the lease does.

Wouldn't it be possible to just do a scheduled "svi network ipfilter reload"
so that all IPCHAINS rules added by portsentry are deleted? The block file
of portsentry should be null'ed (not the block log, but the block file).
The interval can be set as a parameter in network.conf. I know that, for
example, Watchguard flushes all IPs blocked by its portscanner detector
every 30 min by default.

Good idea?

---
Sandro Minola           | LEAF Developer (http://leaf.sourceforge.net)
mailto:[EMAIL PROTECTED] | mailto:[EMAIL PROTECTED]
http://www.minola.ch    | http://leaf.sourceforge.net/devel/sminola
-
My PGP key is at: http://www.minola.ch/pgp/sminola.asc
---
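The reverse-lookup ageing that Simon proposes, written out as an added example that is not from this thread, from portsentry or from LEAF. The resolver is injected so the logic can be exercised offline, and the ipchains rule form being deleted is an assumption, not portsentry's configured KILL_ROUTE.

```python
import socket
from typing import Callable, Dict, List, Optional

# A resolver maps an IP to its PTR name, or None when the address has no reverse record.
Resolver = Callable[[str], Optional[str]]

def reverse_lookup(ip: str) -> Optional[str]:
    """Default resolver: PTR lookup through the system resolver."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None

def record_block(blocklist: Dict[str, Optional[str]], ip: str,
                 resolver: Resolver = reverse_lookup) -> None:
    """Hook for the moment portsentry blocks an IP: remember the FQDN it had then."""
    blocklist[ip] = resolver(ip)

def recheck(blocklist: Dict[str, Optional[str]],
            resolver: Resolver = reverse_lookup) -> List[str]:
    """Periodic pass (e.g. from cron): return the IPs whose PTR name changed since
    they were blocked.  An address with no PTR before and after compares equal and
    stays blocked; so does one whose ISP hands out a fixed PTR per address, which
    is exactly the assumption the proposal rests on."""
    return [ip for ip, old in blocklist.items() if resolver(ip) != old]

def unblock(blocklist: Dict[str, Optional[str]], ips: List[str]) -> List[str]:
    """Drop the given IPs from the list and return the ipchains deletions to run.
    Assumes portsentry inserted 'ipchains -I input -s <ip> -j DENY' (an assumption;
    match it to the KILL_ROUTE actually configured on the router)."""
    cmds = []
    for ip in ips:
        blocklist.pop(ip, None)
        cmds.append(f"ipchains -D input -s {ip} -j DENY")
    return cmds

if __name__ == "__main__":
    # Constructed sample: two PTR tables standing in for lookups a few hours apart.
    at_block = {"10.0.0.5": "dyn-5.isp.example", "10.0.0.6": None}
    later = {"10.0.0.5": "dyn-9.isp.example", "10.0.0.6": None}
    blocked: Dict[str, Optional[str]] = {}
    for ip in at_block:
        record_block(blocked, ip, at_block.get)
    for cmd in unblock(blocked, recheck(blocked, later.get)):
        print(cmd)  # on the router these would be executed, not printed
```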

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Bolduc
> Sent: Thursday, April 11, 2002 7:47 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [Leaf-user] Changes for new Dachstein release
>
> I'm not sure if this would be possible but:
>
> S
>
> >From: KP Kirchdörfer <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: Victor McAllister <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED]
> >Subject: Re: [Leaf-user] Changes for new Dachstein release
> >Date: Thu, 11 Apr 2002 19:12:54 +0200
> >
> >On Thursday, 11 April 2002 07:46, Victor McAllister wrote:
> > > My wish list of programs to be included on the next DCD version
> > > include xntp.lrp and psentry.lrp both from
> > > http://leaf.sourceforge.net/devel/ddouthitt/packages/
> >
> >I've built a dachstein 1.0.2 based CD with glibc 2.1.3. Among other
> >enhancements you'll find xntp on the CD.
> >
> >I thought about portsentry as well, but found it's not a good idea to
> >block ports based on ip-addresses.
> >
> >Currently in Germany the most affordable flat rate with DSL is bound
> >to dynamic IP addresses (changing at least once a day). If someone today
> >portscans your net with a dynamic address, I might be blocked in the
> >future for no other reason than unfortunately getting this
> >IP address. Given the long uptimes of LEAF routers, chances are good
> >that portsentry blocks more innocent users with dynamic addresses
> >than real portscanners. Now I could live a day without accessing your
> >net, but what bothered me is administration of a net using
> >portsentry. I hear all those yelling that services have been
> >inaccessible for the last day, and you find everything is working OK
> >now.
> >Please correct me if I understood portsentry wrong; I'm willing to
> >add it as soon as possible if it handles dynamic addresses
> >without problems.
> >
> >kp
> >
> >_______________________________________________
> >Leaf-user mailing list
> >[EMAIL PROTECTED]
> >https://lists.sourceforge.net/lists/listinfo/leaf-user


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
