bug in ASL block list - need a clear added feature

[aus-city]

Scott,

If there are IPs in the block list and either you restart the server, ASL, or psa, you end up having stray old IP addresses listed from ages ago.

I know you can edit the file on the server and remove them, but can you add a clear in the block list to flush the file clean?

Thanks!

[scott]

best place to send this is to support@atomicorp.com

[zeki]

i reported this too to support..... same here...

[scott]

yep, the case you started is already open. This way we can tie multiple people together, and it raises the priority of a bug report or a feature request.

[aus-city]

Perfect Scott, so now there are two against this case?

Thanks!

[zeki]

workarround from support:

The list is located in /var/ossec/var/, you can clear that file out
with:

cp /dev/null /var/ossec/var/block-list

clear the firewall rules with:

/etc/init.d/iptables restart

and clear /etc/hosts.deny with
cp /dev/null /etc/hosts.deny

greets
zwki

[scott]

yep exactly, the case management system automatically ranks issues and reports them daily to management. On my side Ive (almost) got that tied into the source code management system, so when you update a bug it actually updates the case and can even notify the case holders (you two) that its been fixed automatically.

[mrwilson]

Should the Plesk GUI block list tab be showing all the blocked IPs that my BFD has collected before I installed ASL?

My list is empty.

I can still see most of them in /etc/apf/deny_hosts.rules

[scott]

It is tracking the shuns generated by the ASL active response system