blocklist and blacklist

General Discussion of atomic repo and development projects.

Ask for help here with anything else not covered by other forums.
Post Reply
BerArt
Forum Regular
Forum Regular
Posts: 478
Joined: Tue Jan 15, 2008 3:57 am
Location: Netherlands

blocklist and blacklist

Unread post by BerArt »

What is the difference between blocklist and blacklist? Is it wise to putt the blocklist IP on the blacklist? Thx!
Top
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:
Contact scott

Unread post by scott »

The blocklist are the shuns added from the active response system. They are managed by OSSEC, so they are generally temporary bans. The default is to expire them after 10 minutes.

Blacklists and GeoBlocks are permanent blacklists added directly to the firewall policy. You will see them listed under as ASL-BLACKLIST if you run iptables -L -n (no dns. is much faster). These can be added as a country code, IP, or Netblock.

Whitelists are exception rules applied against both the OSSEC active response system, and the Blacklist/GeoBlacklist.
Top
BerArt
Forum Regular
Forum Regular
Posts: 478
Joined: Tue Jan 15, 2008 3:57 am
Location: Netherlands

Unread post by BerArt »

Clear Thx! :)
Top
Post Reply

Return to “General Help and Development Discussion”