On Wed, Jul 23, 2014 at 2:01 AM, Steve Murphy <m...@parsetree.com> wrote:

> Hello--
>
>
Hello Steve,


> I have FLUSH_IPT_AT_INIT set to N;
>
> mainly because, as I play with psad, I find
> myself tweaking the config file and restarting,
> and I don't really want to lose the current
> entries.
>
> I found that I had a long list of blocks
> from a subnet that I determined after investigation,
> that I should not be blocking.
>
> So, I added an entry to the auto_dl file
> for that subnet and a port range. A restart
> of psad did not remove those blocks; I had
> to do a -F and get rid of all blocks... wouldn't
> it be nice to remove at startup, all bans that
> conflict with auto_dl? And NOT lose all the other
> entries collected?
>
>
Sure, reconciling auto_dl entries vs. auto blocking rules at init time
would be a good feature to have.  In the meantime, you may be interested in
the '--fw-rm-block-ip <IP>' option to the psad command line.  It should
allow you to remove existing blocking rules for IPs that you want to allow in
the running psad instance.

Thanks,

--Mike


> murf
>
>
> --
>
> Steve Murphy
> ParseTree Corporation
> 57 Lane 17
> Cody, WY 82414
> ✉  murf at parsetree dot com
> ☎ 307-899-5535
>
>
>
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
>
>


-- 
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
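
Until psad reconciles auto_dl against its blocking rules at init, the check can be done outside psad and fed to the `--fw-rm-block-ip` option mentioned above. The following is an added example, not code from this thread or from psad: it assumes auto_dl lines of the form `<IP or CIDR> <danger level> [proto[/ports]];`, and the sample auto_dl text, the blocked-IP list and all function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample auto_dl content (assumed line format:
# "<IP or CIDR> <danger level> [proto[/ports]];", danger level 0 = ignore).
AUTO_DL = """\
# constructed sample, not taken from the thread
127.0.0.1        0;
198.51.100.0/24  0  tcp/1-1024;   # subnet that should not be blocked
203.0.113.7      5;               # still treated as hostile
"""

# Constructed list of source IPs that currently have blocking rules.
BLOCKED = ["198.51.100.14", "198.51.100.200", "203.0.113.7", "192.0.2.55"]

def parse_auto_dl(text):
    """Return [(network, danger_level, scope_or_None)] parsed from auto_dl text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.rstrip(";").split()
        if len(fields) < 2:
            continue
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
            level = int(fields[1])
        except ValueError:
            continue                             # skip malformed lines, never guess
        entries.append((net, level, fields[2] if len(fields) > 2 else None))
    return entries

def conflicting_blocks(entries, blocked_ips):
    """Blocked IPs that fall inside a danger-level-0 auto_dl entry."""
    ignore = [(net, scope) for net, level, scope in entries if level == 0]
    hits = []
    for ip_str in blocked_ips:
        ip = ipaddress.ip_address(ip_str)
        for net, scope in ignore:
            if ip in net:
                # scope (e.g. tcp/1-1024) is reported only: removing a block
                # drops the rules for that IP as a whole, not per port.
                hits.append((ip_str, str(net), scope))
                break
    return hits

def removal_commands(hits):
    """One 'psad --fw-rm-block-ip <IP>' command per conflicting block."""
    return ["psad --fw-rm-block-ip " + shlex.quote(ip) for ip, _, _ in hits]
```

Review the generated commands before running them: a port-scoped auto_dl entry still results in the whole block for that IP being removed.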