Re: How to view blacklist ip ?

J. Bakshi wrote:
> Pascal Hambourg wrote:
>   
>> Hello,
>>
>> J. Bakshi wrote:
>>
>>> iptables -A INPUT -m recent --name blacklist --rcheck --seconds
>>> $BLACKLIST_INTERVAL -j DROP
>>>
>>> and it is working really well. But is there any way to manage the
>>> blacklisted ip ? Manage means
>>>     
>>>       
>> man iptables
>>
>>   
>>     
>>> 1> view the ips which are blacklisted
>>>     
>>>       
>> Read /proc/net/ipt_recent/<name>.
>>
>>   
>>     
>
> Great !!!. Thanks a lot. Now I can write a shell script to manage the IPs.
>
>   

Though the content of the file consists of much more.  

```
# cat /proc/net/ipt_recent/blacklist
src=183.131.207.0 ttl: 0 last_seen: 4298214902 oldest_pkt: 1 4298214902
src=240.168.95.31 ttl: 0 last_seen: 4298214902 oldest_pkt: 1 4298214902
src=254.41.0.0 ttl: 0 last_seen: 4298215698 oldest_pkt: 1 4298215698
src=255.255.211.0 ttl: 0 last_seen: 4298214902 oldest_pkt: 1 4298214902
src=135.0.0.0 ttl: 0 last_seen: 4298214902 oldest_pkt: 1 4298214902
src=79.0.0.0 ttl: 0 last_seen: 4298214902 oldest_pkt: 1 4298214902
src=53.0.0.0 ttl: 0 last_seen: 4298215698 oldest_pkt: 1 4298215698
src=31.190.99.0 ttl: 0 last_seen: 4298214902 oldest_pkt: 1 4298214902
src=165.0.0.0 ttl: 0 last_seen: 4298214902 oldest_pkt: 1 4298214902
src=236.13.207.0 ttl: 0 last_seen: 4298214902 oldest_pkt: 1 4298214902
src=135.232.168.45 ttl: 0 last_seen: 4298215698 oldest_pkt: 1 4298215698
src=255.255.255.211 ttl: 0 last_seen: 4298215698 oldest_pkt: 2 4298212575
```

And if I try to remove a line, it reports

```
WARNING: The file has been changed since reading it!!!
Do you really want to write to it (y/n)?
```

A yes puts me again into the file, and it is recursive.


>
>   
>>> 2> manually remove an IP from blacklist
>>>     
>>>       
>> Write "-a.b.c.d" into /proc/net/ipt_recent/<name> where a.b.c.d is the
>> address to remove. You can also write "clear" to flush the list.
>>
>>   
>>     
>>> 3> manually insert an IP as blacklist
>>>     
>>>       
>> Write "+a.b.c.d" or "a.b.c.d" into /proc/net/ipt_recent/<name> where
>> a.b.c.d is the address to add or update.
>>
>> Warning : ipt_recent may have been renamed xt_recent in recent kernels.
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>
>>   
>>     

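Added example, not part of the original messages: a small shell helper for the three operations discussed in the thread (view, remove, insert). It writes one-line commands to the list file instead of opening it in an editor, and checks both directory names mentioned above. The function names and the RECENT_ROOT override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: manage an iptables "recent" list through its /proc file.
# RECENT_ROOT is a hypothetical override (default /proc/net) so the
# functions can be exercised against a constructed copy of the file.

# Print the path of list $1; the directory is ipt_recent on older kernels
# and xt_recent on newer ones.
recent_file() {
    for dir in xt_recent ipt_recent; do
        if [ -e "${RECENT_ROOT:-/proc/net}/$dir/$1" ]; then
            printf '%s\n' "${RECENT_ROOT:-/proc/net}/$dir/$1"
            return 0
        fi
    done
    echo "recent list '$1' not found" >&2
    return 1
}

# Succeed only for a dotted-quad IPv4 address, so nothing else is ever
# written to the kernel interface. Runs in a subshell to keep IFS local.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# 1> view: print only the address from the src= field of each entry.
recent_list() {
    f=$(recent_file "$1") || return 1
    sed -n 's/^src=\([0-9.]*\) .*/\1/p' "$f"
}

# 2> remove and 3> insert: each change is a one-line command written to
# the file; the file is never edited in place.
recent_remove() {
    valid_ipv4 "$2" && f=$(recent_file "$1") && printf '%s\n' "-$2" > "$f"
}
recent_add() {
    valid_ipv4 "$2" && f=$(recent_file "$1") && printf '%s\n' "+$2" > "$f"
}
recent_clear() {
    f=$(recent_file "$1") && echo clear > "$f"
}
```

After sourcing the file as root, `recent_list blacklist` prints one address per line and `recent_remove blacklist a.b.c.d` drops a single entry.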
