Atomicorp

If I select a country to block an hit the safe button in the webGUI i get the next message:

"failed open file"

Now the Geoblocking page is gone also

Can you send me the output of:

rpm -q asl asl-web-gui

Make sure you've yum updated to the latest of both.

It is updated to the latest versions:

# rpm -q asl asl-web-gui
asl-1.9.11-6.el4.art
asl-web-gui-0.11-3.el4.art

Is there a config file to do this manualy? How?

Ok, now I see that ASL is processing the request but how can see what it did because the choice I made I can select again?

//edit the selection came back after a couple of seconds

Ah ok, all is well now?

ASL timed out a couple of times but it made the changes anyway after a while, it took a long time to process though? The same happend after I added al blocked IP's to the blacklist, i timed out also a couple of times. I will try it again tommorow but right now if I add one blocked IP to the blacklist it is taking minutes and you have to wait nothning else works at if this process is running...

yeah it can take a long time if you're building a huge policy. It has to do with maintaining compatibility with other firewall systems (psa-firewall, apf, etc). Long term for performance sake, I might have to break that. Basically it analyzes the existing policy to make sure its not conflicting with it, and that takes a long time with a big list.

Ah, so copy the .conf to the other servers is not a goog idea? Do you need to run ASL -f after updating the geoblock?

I tried it again just now and it is impossible to move/copy the blocklist IP's to the blacklist ASL is timming out and during this process everything is on hold.

Ive got some ideas on how to make that faster, but they will have to wait until the OSSEC 1.5 update is complete.

OK, I will wait thx!