J. Bakshi wrote: > Pascal Hambourg wrote: > >> J. Bakshi a écrit : >> >> >>> # cat /proc/net/ipt_recent/blacklist >>> >>> src=183.131.207.0 ttl: 0 last_seen: 4298214902 oldest_pkt: 1 4298214902 >>> src=240.168.95.31 ttl: 0 last_seen: 4298214902 oldest_pkt: 1 4298214902 >>> >>> >> [...] >> >> >>> And If I try to remove a line it reports >>> >>> ``````````````` >>> WARNING: The file has been changed since reading it!!! >>> Do you really want to write to it (y/n)? >>> ````````````````` >>> >>> A yes puts me again into the file. and it is recursive. >>> >>> >> You are not supposed to open this pseudo-file and remove lines with a >> text editor, you are supposed to *write* commands (e.g. with echo) into >> it as indicated in the manpage. This is not a real file but an interface >> to the kernel. >> >> > > Hello, > > Yes, I have found the specific section in the man page and it is > successully do the job as described. Now I can modify my script > accordingly to do the job. > Thanks a lot for he right direction. > wish you a nice time. > > Hello Pascal, I don't know if I should create a new thread or continue with this one. But this is a new issue though a continuation of ipt_recent and blacklist. My script to show the blacklisted ip is running well. During my experiment with blacklist I have found that blacklisted ips are still there at /proc/net/ipt_recent/blacklist Even after the blacklist interval the client can access the server successfully; the server still shows the client ip as blacklisted. Definately the ip can be removed or "clear" as described in the man page but storing the ip permanently at /proc/net/ipt_recent/blacklist is very confusing. How can you then check if the ip is still blacklisted or able to communicate with the server in real-life ? -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
