From: Kevin Z. <kev...@gm...> - 2015-08-31 23:40:29
On 08/31/2015 03:51, Willem Jan Withagen wrote:
> Upon (re)start of sshguard, and the list is used to blacklist, it would
> be nice if the addresses were matched against what is in the whitelist.
>
> Now I have to manually go through the blacklist to remove hosts I've added
> to the whitelist, since they are fully trusted.
> If I don't do that, then the whitelisted host is blacklisted anyways...

In my opinion, the whitelist has one important use case: to prevent you from locking yourself out. James makes a good point that it's really a better idea to use a firewall rule for this purpose instead.

Currently, the whitelist is loaded only once at startup, which means that updating it requires you to restart SSHGuard.

On the issue of polluting blacklists, David Winterburn suggested a do-not-blacklist list that prevents certain hosts from ever being blacklisted, but still blocks regular attacks. This seems like a useful feature for SSHGuard; a whitelist can be done in the firewall.

Comments?

Thanks,
Kevin Zheng

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
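The manual step Willem describes (walking the blacklist to remove hosts that have since been whitelisted) is easy to automate outside SSHGuard. The script below is an added example, not code from this thread or from the SSHGuard project; it assumes a simple one-address-per-line blacklist and a whitelist of addresses or CIDR networks, which is a constructed format and not necessarily SSHGuard's own on-disk layout. It matches each blacklisted address against the whitelist networks (IPv4 and IPv6) so that trusted hosts never remain in the blacklist after a restart.

```python
import ipaddress

# Constructed sample data (assumed format: one entry per line, '#' comments).
WHITELIST = """\
# trusted hosts and networks
192.0.2.10
198.51.100.0/24
2001:db8::/32
"""

BLACKLIST = """\
192.0.2.10
203.0.113.7
198.51.100.42
2001:db8:1::5
203.0.113.9
"""


def parse_networks(text):
    """Parse whitelist lines into ip_network objects; bare addresses become /32 or /128."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def is_whitelisted(addr, nets):
    """True if addr falls inside any whitelisted network of the same IP version."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in nets)


def prune_blacklist(blacklist_text, whitelist_text):
    """Return (kept, removed): blacklist entries that are not / are covered by the whitelist."""
    nets = parse_networks(whitelist_text)
    kept, removed = [], []
    for line in blacklist_text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        (removed if is_whitelisted(entry, nets) else kept).append(entry)
    return kept, removed


if __name__ == "__main__":
    kept, removed = prune_blacklist(BLACKLIST, WHITELIST)
    print("kept:", kept)
    print("removed (whitelisted):", removed)
```

Run this against the real files before starting the daemon and write `kept` back as the new blacklist; the `removed` list is worth logging so that an unexpected whitelist hit is visible rather than silently dropped.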