RE: [ISSForum] How to unblock the blocked IP from server sensor 7.0

[issforum-admin]

Title: Message

The usage of the command is as follows:   fw sam [-v] [-s sam_server] [-t timeout] [-l log] [-f fw_host] [-C] -n|-i|-I <criteria> fw sam [-v] [-s sam_server] [-f fw_host] -D   options: -v             turn on verbose mode -s sam_server  the SAM server to be contacted. Default is localhost -t timeout     time in seconds for the inhibit operation. Default is never -l log          can be one of the following: nolog, short_noalert, short_alert,                 long_noalert, long_alert (the last is the default value) -f fw_host     the FireWalls to run the operation on. Should be either                the name of a FireWalled object, the name of a group of                FireWalled objects or one of the predefined names: All                and Gateways. Default is All -C             cancel the specified operation -n             notify every time a connection that matches the specified                criteria passes the firewall   operations: -i             inhibit connections that match the specified criteria -I             inhibit connections that match the specified criteria and                close all existing connections that match it -D             delete all previous operations   criteria may be one of: a. "src" <ip>     match the source address of connections b. "dst" <ip>     match the destination address of connections c. "any" <ip>     match either the source or destination address of                   connections d. "srv" <src ip> <dst ip> <service> <protocol>                   match specific source, destination and service   <ip>, <src ip> and <dst ip> may be a host name or a dotted notation address <service> may be a service name (e.g. "telnet") or a service number <protocol> may be a protocol name (e.g. "tcp") or a protocol number   examples: 1. For the next 20 seconds, notify when someone contacts www.domain.name:    fw sam -t 20 -n dst www.domain.name 2. Inhibit 10.0.2.4 from accessing the WEB server on www.domain.name:    fw sam -i srv 10.0.2.4 www.domain.name 80 6 3. Cancel the operation from example #2:    fw sam -C -i srv 10.0.2.4 www.domain.name 80 6 4. Have the SAM server on firewall1.domain.name cancel all previous SAM    operations on the FireWall at firewall2.domain.name:    sam -s firewall1.domain.name -f firewall2.us.domain.name -D   Accordingly, you should issue the following command: If you blocked a source IP Address from accessing the host you protect, use the following:   fw sam -C -i src xxx.xxx.xxx.xxx   If you blocked a destination address, use the following:   fw sam -C -i dst xxx.xxx.xxx.xxx   If you blocked a specific source IP Address, destination address, and service use the following:   fw sam -C -i srv xxx.xxx.xxx.xxx www.domain.name service_name   Hope this helps a bit more,   Dimitris.   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, July 17, 2003 7:05 AM To: [EMAIL PROTECTED] Subject: Re: [ISSForum] How to unblock the blocked IP from server sensor 7.0 Dear Sirs,   Can somebody tell me how to unblock the specific IP address which has been blocked by server sensor 7.0 (Windows 2000 Server SP3 Platform)?  I know if I restart the issDaemon, then all the blocked IP address will be release, but I don't want all the IP address to be release.   Please help.   Best Regards,   Tony Wu   ----- Original Message ----- From: [EMAIL PROTECTED] To: Undisclosed-Recipient:; Sent: Monday, July 14, 2003 3:31 PM Subject: [ISSForum] How to unblock the blocked IP from server sensor 7.0 Dear Sirs,   Would you tell me how to unblock the blocked IP from server sensor 7.0 from Windows 2000 Server SP?   Thanks!   Tony Wu