In case that you want to block all connections, you can create an active response script to add a specific rule in iptables.
On Wednesday, July 12, 2017 at 1:03:01 PM UTC+2, Jesus Linares wrote: > > I think, by default, OSSEC has the active-response for blocking an IP if > an alert higher than 6 is fired. I recommend to disable this setting. > > Regards. > > > > On Tuesday, July 11, 2017 at 8:37:21 PM UTC+2, Cristian Lorenzetto wrote: >> >> is there a condition where ossec blocks all incoming connections? >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.