Re: [Astlinux-users] Banned Hosts

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

> Am 11.08.2018 um 18:10 schrieb Cody Alderson <ald...@gm...>:
> 
> Hi,
> 
> I made changes based on recommendations here to have the banned hosts persist after a reboot. On the status screen there was a long list of banned hosts under the "Adaptive Ban Plugin Status" section. I recently rebooted, and I noticed the list has far fewer IP addresses than it used to. Note that I also upgraded Astlinux to the most recent stable version.
> 
> My question is, did upgrading make the change I put in place to keep the banned hosts after a reboot back to some default I do not know about? Another issue is that I did not write down the change I made to have the banned hosts persist after a reboot, so I can't even check it.
> 
> So, would someone please advise me as to what I likely changed to have banned hosts persist after a reboot? Also, does upgrading Astlinux switch any user changes to default software configurations back to defaults?
> 
> Thank you,
> 
> Cody

Hi Cody,

the "Banned Hosts list" from the Adaptive Ban Plugin is generated from the entries in the "/var/log/messages" file (like Fail2Ban works too).
Usually the log file is deleted on reboot, unless you have manually set "PERSISTLOG=yes" in your "user.conf".

But depending on how your firewall is configured, you can permanently block IP-addresses either in 
"/mnt/kd/blocked-hosts" or if you use *.netset blocking-list files in "/mnt/kd/blocklists/blocked-hosts.netset"

https://doc.astlinux.org/userdoc:tt_firewall_external_block_list

Michael

http://www.mksolutions.info