Page 1 of 1
bug in ASL block list - need a clear added feature
Posted: Fri Nov 16, 2007 2:55 am
by aus-city
Scott,
If there are IPs in the block list and either you restart the server, ASL, or psa, you end up having stray old IP addresses listed from ages ago.
I know you can edit the file on the server and remove them, but can you add a clear in the block list to flush the file clean?
Thanks!
Posted: Fri Nov 16, 2007 8:26 am
by scott
best place to send this is to
support@atomicorp.com
Posted: Fri Nov 16, 2007 8:24 pm
by zeki
i reported this too to support..... same here...
Posted: Fri Nov 16, 2007 11:07 pm
by scott
yep, the case you started is already open. This way we can tie multiple people together, and it raises the priority of a bug report or a feature request.
Posted: Sat Nov 17, 2007 2:32 am
by aus-city
Perfect Scott, so now there are two against this case?
Thanks!
Posted: Sat Nov 17, 2007 3:23 am
by zeki
workarround from support:
The list is located in /var/ossec/var/, you can clear that file out
with:
cp /dev/null /var/ossec/var/block-list
clear the firewall rules with:
/etc/init.d/iptables restart
and clear /etc/hosts.deny with
cp /dev/null /etc/hosts.deny
greets
zwki
Posted: Sat Nov 17, 2007 9:34 am
by scott
yep exactly, the case management system automatically ranks issues and reports them daily to management. On my side Ive (almost) got that tied into the source code management system, so when you update a bug it actually updates the case and can even notify the case holders (you two) that its been fixed automatically.
Posted: Wed Aug 20, 2008 10:44 am
by mrwilson
Should the Plesk GUI block list tab be showing all the blocked IPs that my BFD has collected before I installed ASL?
My list is empty.
I can still see most of them in /etc/apf/deny_hosts.rules
Posted: Wed Aug 20, 2008 11:07 am
by scott
It is tracking the shuns generated by the ASL active response system