 >>Date: Mon, 22 Jan 2001 14:49:34 -0500
 >>From: "Michael H. Warfield" <[EMAIL PROTECTED]>
 >>Subject: Re: Ramen worm & port activity
 >>
 >>On Mon, Jan 22, 2001 at 01:48:00PM -0500, Burke, Thomas G. wrote:
 > Of course, the "Black hole" effect lasts only until the machine is rebooted.
 >>
 >>     1) Not necessarily.  Particularly if you save the chains before
 >>shutting down (doesn't help if you pull the plug). [skip]
 >>
 >>     2) [skip]  I don't see much sense
 >>in blocking out an address for more than 48 hours.  If I do see
 >>returns from the same address across expirations, that's a system that
 >>I might want to notify someone about...  :-/

Greetings! I found using ipchains with Psionic's portsentry is a good 
firewall solution. However, having looked through the portsentry.conf file 
and ipchains man pages, I can't find any means of putting a 24/48 hour 
expiration time on the denied IP.

Can you advise me on how to do that as it looks like a great answer to my 
dilemma: either keeping a long blacklist of restricted IPs in 
/etc/rc.d/rc.firewall.blocked (which for the most part are dynamically 
assigned) or having a temp 24 hour expiring list? Personally, I like the 
elegance of the latter one.

Thanks!

DR
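
Added example, not part of the original message and not code from portsentry or ipchains: one way to expire ipchains blocks after 48 hours and to spot addresses that return after an expiration, as discussed above. The ACTIVE/HISTORY file format, the function names and the sample addresses are assumptions made for this sketch; it also assumes each block was inserted as `ipchains -I input -s <ip> -j DENY` and that whatever adds the block appends a line to ACTIVE.

```shell
#!/bin/sh
# Expire firewall blocks after a TTL. File formats are constructed for this example:
#   ACTIVE  - "<epoch_seconds> <ip>" per block currently in the input chain
#   HISTORY - same format, blocks that have already expired
# Assumption: each block was inserted as  ipchains -I input -s <ip> -j DENY
TTL=${TTL:-172800}        # 48 hours in seconds
DRY_RUN=${DRY_RUN:-1}     # 1 = print the ipchains commands instead of running them

# List IPs in ACTIVE whose block is at least TTL seconds old at time NOW.
expired_ips() {           # usage: expired_ips ACTIVE NOW
    awk -v now="$2" -v ttl="$TTL" 'NF == 2 && now - $1 >= ttl { print $2 }' "$1"
}

# List IPs that are blocked again after an earlier block expired.
repeat_offenders() {      # usage: repeat_offenders ACTIVE HISTORY
    awk 'NR == FNR { old[$2] = 1; next }
         ($2 in old) && !seen[$2]++ { print $2 }' "$2" "$1"
}

# Delete expired rules and move their entries from ACTIVE to HISTORY.
prune() {                 # usage: prune ACTIVE HISTORY NOW
    for ip in $(expired_ips "$1" "$3"); do
        if [ "$DRY_RUN" = 1 ]; then
            echo "/sbin/ipchains -D input -s $ip -j DENY"
        else
            # The rule may already be gone (reboot without saved chains).
            /sbin/ipchains -D input -s "$ip" -j DENY || true
        fi
    done
    awk -v now="$3" -v ttl="$TTL" 'NF == 2 && now - $1 >= ttl' "$1" >> "$2"
    awk -v now="$3" -v ttl="$TTL" 'NF == 2 && now - $1 <  ttl' "$1" > "$1.tmp" &&
        mv "$1.tmp" "$1"
}

# Demo on constructed data: sh thisfile.sh demo
if [ "${1:-}" = demo ]; then
    a=$(mktemp); h=$(mktemp)
    printf '%s\n' '1000 192.0.2.10' '150000 192.0.2.20' > "$a"
    prune "$a" "$h" 180000                 # expires only 192.0.2.10
    echo '181000 192.0.2.10' >> "$a"       # same address gets blocked again
    repeat_offenders "$a" "$h"             # candidate for a report
    rm -f "$a" "$h"
fi
```

Run hourly from cron as `prune ACTIVE HISTORY "$(date +%s)"`, with `DRY_RUN=0` once the printed commands look right.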