I use PortSentry which works great, and helps to keep out
the little buggers. Problem is that sometimes that bugger
is me coming in from a new machine to test with. Once I do,
that machine is now banned via
/sbin/route add -host 1.2.3.4 reject
How do I un-do the route command to allow access again ?
The man page says to use 'route del -host 1.2.3.4', but
that won't work "SIOCDELRT: No such process".
I know that restarting portsentry will flush out the files and
that rebooting will then that clear up *all* blocks.
And obviously not what I want to do on a production server.
I've had to manually create a banned file that does all the
route commands after portsentry is restarted.
What else, besides manually adding these hosts to rc.firewall ?
BTW, I also recommend LogCheck at http://www.psionic.com
Thanks... Dan.
