blocklist and blacklist
Posted: Tue May 13, 2008 6:26 am
What is the difference between blocklist and blacklist? Is it wise to putt the blocklist IP on the blacklist? Thx!
The blocklist are the shuns added from the active response system. They are managed by OSSEC, so they are generally temporary bans. The default is to expire them after 10 minutes.
Blacklists and GeoBlocks are permanent blacklists added directly to the firewall policy. You will see them listed under as ASL-BLACKLIST if you run iptables -L -n (no dns. is much faster). These can be added as a country code, IP, or Netblock.
Whitelists are exception rules applied against both the OSSEC active response system, and the Blacklist/GeoBlacklist.
