blocklist and blacklist
blocklist and blacklist
What is the difference between blocklist and blacklist? Is it wise to putt the blocklist IP on the blacklist? Thx!
-
scott
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
The blocklist are the shuns added from the active response system. They are managed by OSSEC, so they are generally temporary bans. The default is to expire them after 10 minutes.
Blacklists and GeoBlocks are permanent blacklists added directly to the firewall policy. You will see them listed under as ASL-BLACKLIST if you run iptables -L -n (no dns. is much faster). These can be added as a country code, IP, or Netblock.
Whitelists are exception rules applied against both the OSSEC active response system, and the Blacklist/GeoBlacklist.
Blacklists and GeoBlocks are permanent blacklists added directly to the firewall policy. You will see them listed under as ASL-BLACKLIST if you run iptables -L -n (no dns. is much faster). These can be added as a country code, IP, or Netblock.
Whitelists are exception rules applied against both the OSSEC active response system, and the Blacklist/GeoBlacklist.
