From: Kevin Z. <kev...@gm...> - 2015-08-31 23:48:39
On 08/31/2015 15:10, Willem Jan Withagen wrote:
> I manage whitelists for a large set of servers in several ranges.
> And on average, non-routable nets are not my biggest problem.
> But the whitelist contains mainly groups of gateways allowed to get
> access to certain blocks of servers.

I'm not familiar with large setups so I'd be curious to learn more about your particular use case. Is maintaining whitelists significantly easier than maintaining firewall rules across several machines?

> I see it rather simply:
> whitelist members are not to be blocked because they are trusted.
> All others are up for possible rejection.
> So if I change the whitelist, I'd like that to take priority over
> blacklisting. Now it is the other way around: blacklisting has priority.

I think this is a fair request, because whitelist entries are added manually, while blacklist entries are automatic.

But James has a good point earlier that it might be better implemented using firewall rules. The big "plus" of using SSHGuard's whitelist is that the same whitelist can be used across multiple machines possibly running different firewalls, without maintaining separate lists for each. Are there other advantages of this whitelist system? Is it important enough to keep?

> Now what I suggested (and prefer) is that sshguard does the smart-grep.

By "smart-grep," do you mean removing the intersection of the two sets?

Thanks,
Kevin Zheng

-- 
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
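The "whitelist takes priority over blacklist" semantics discussed in this thread, as an added illustration that is not SSHGuard's own code and does not reflect how SSHGuard stores or applies its lists. It interprets the "smart-grep" as: take the automatically generated blacklist, drop every entry that falls inside a trusted whitelist entry, and, going one step beyond a plain set difference, carve a trusted sub-range out of a blacklisted range that is larger than it. The list contents are constructed sample data; `carve` and `effective_blocks` are hypothetical names.

```python
import ipaddress

# Constructed sample lists (documentation ranges; not taken from any real deployment).
WHITELIST = [
    "10.0.0.0/8",       # trusted gateway range
    "192.0.2.10",       # single trusted host
    "2001:db8::/32",    # trusted IPv6 range
]

# Entries an automatic blocker might have accumulated.
BLACKLIST = [
    "10.1.2.3",          # inside a trusted range: must not be blocked
    "198.51.100.0/24",   # untrusted range: stays blocked
    "192.0.2.10",        # exactly a trusted host: must not be blocked
    "203.0.113.7",       # untrusted host: stays blocked
    "10.0.0.0/7",        # wider than a trusted range: only the untrusted half stays
    "2001:db8::1",       # inside a trusted IPv6 range: must not be blocked
]


def parse(entry):
    """Turn a host or CIDR string into a network object (a host becomes a /32 or /128)."""
    return ipaddress.ip_network(entry, strict=False)


def carve(net, whitelist):
    """Return the parts of `net` that are not covered by any whitelist entry.

    A network fully inside a whitelist entry disappears; a network that
    contains a whitelist entry has that entry cut out of it; disjoint
    networks pass through unchanged.
    """
    pieces = [net]
    for trusted in whitelist:
        if trusted.version != net.version:
            continue  # subnet_of() refuses to compare IPv4 with IPv6
        next_pieces = []
        for piece in pieces:
            if piece.subnet_of(trusted):
                continue  # entirely trusted: drop it
            if trusted.subnet_of(piece):
                # blacklisted range is wider than the trusted one: keep the rest
                next_pieces.extend(piece.address_exclude(trusted))
            else:
                next_pieces.append(piece)  # no overlap
        pieces = next_pieces
    return pieces


def effective_blocks(blacklist, whitelist):
    """Whitelist-wins policy: the block set is the blacklist minus anything trusted."""
    trusted = [parse(e) for e in whitelist]
    result = []
    for entry in blacklist:
        result.extend(str(p) for p in carve(parse(entry), trusted))
    return result


if __name__ == "__main__":
    for net in effective_blocks(BLACKLIST, WHITELIST):
        print("block", net)
```

The point of the `carve` step is the case a plain set difference misses: if an automatic blocker ever produces a range that contains a trusted gateway, simply skipping or keeping the whole entry is wrong either way, so the trusted part is removed and the remainder is still blocked.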