Re: How to view blacklist ip ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Pascal Hambourg wrote:
> J. Bakshi a écrit :
>   
>> Even after the blacklist interval the client can access the server
>> successfully; the server still shows the client ip as blacklisted.
>> Definately the ip can be removed or "clear" as described in the man page
>> but storing the ip permanently at  /proc/net/ipt_recent/blacklist  is 
>> very confusing.  How can you then check if the ip is still blacklisted
>> or able to communicate with the server in real-life  ?
>>     
>
> The list just stores source addresses and timestamps (the big numbers,
> measured in jiffies) of recently seen packets in a FIFO manner. Whether
> a packet will match the rule with 'recent' depends on its options
> --seconds and/or --hitcount. So it is up to you to parse the timestamps
> associated to an address and decide whether this address is blacklisted
> or not.
>   

Now understand the technique.  I have 2 question here

1> how the time stamp is calculated here ? It might be possible to
generate it through the date command.
2> How long these entries are kept at  /proc/net/ipt_recent/ ? any way
to modify that interval ?

Thanks



--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux