Re: How to view blacklist ip ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



J. Bakshi a écrit :
> 
> Even after the blacklist interval the client can access the server
> successfully; the server still shows the client ip as blacklisted.
> Definately the ip can be removed or "clear" as described in the man page
> but storing the ip permanently at  /proc/net/ipt_recent/blacklist  is 
> very confusing.  How can you then check if the ip is still blacklisted
> or able to communicate with the server in real-life  ?

The list just stores source addresses and timestamps (the big numbers,
measured in jiffies) of recently seen packets in a FIFO manner. Whether
a packet will match the rule with 'recent' depends on its options
--seconds and/or --hitcount. So it is up to you to parse the timestamps
associated to an address and decide whether this address is blacklisted
or not.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux