From: Kevin Z. <kev...@gm...> - 2015-09-01 20:57:07
On 08/31/2015 16:51, Willem Jan Withagen wrote:
> I used whitelist for a function you just described as: do-not-blacklist.
> And I totally agree....
> Most of the time I'm fishing for blocked customers that repeatedly tried
> the wrong password to update their website over sftp.
> And always the same customers... :(
> So they are not whitelisted in the FW sense, since they still need to
> follow all the FW rules. But I really would like for them not to end up
> in the blacklist over and over....
>
> So then reread my request as:
> Once on the do-not-block
> Also do not insert in FW upon restart.

Let me make sure I understand your feature request:

Replace the current "whitelist" system with a "do-not-blacklist" scheme. Addresses on the list are still blocked after repeated attempts, but are never added to the blacklist.

Here it gets a little fuzzy: If an address is both in the blacklist and the do-not-blacklist (DNB) list, the blacklist should "win". An example would be if do-not-blacklist lists a subnet, but one of the addresses in it is blacklisted.

This means that if someone makes it into the blacklist, you will need to remove it from the blacklist and add it to the DNB. This seems like an acceptable trade-off for the complexity required.

Thanks,
Kevin Zheng

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
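The precedence rules sketched in the message above (a DNB entry still earns temporary blocks but never a persistent blacklist entry; an explicit blacklist entry wins over a DNB subnet that contains it; only blacklist entries are re-inserted into the firewall at restart) can be made concrete with a small model. The code below is an added example written for this thread; it is not sshguard's own code, the thresholds and the "allowed"/"blocked"/"blacklisted" labels are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from typing import Dict, List, Set, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


class BlockPolicy:
    """Model of the do-not-blacklist (DNB) semantics discussed in the thread.

    - An address matching a DNB entry is still blocked after repeated
      failures, but is never added to the persistent blacklist.
    - An address already in the blacklist stays blacklisted even if it also
      matches a DNB entry: the blacklist wins.
    - Only blacklist entries are emitted as firewall rules at restart, so a
      DNB customer's temporary block does not come back after a restart.

    Thresholds are assumed values for illustration, not sshguard defaults.
    """

    def __init__(self, do_not_blacklist: List[str], blacklist: List[str],
                 block_threshold: int = 3, blacklist_threshold: int = 6):
        # DNB entries may be single hosts or subnets; strict=False lets
        # "192.0.2.5/24" be written without normalising the host bits first.
        self.dnb = [ipaddress.ip_network(n, strict=False) for n in do_not_blacklist]
        # The persistent blacklist holds individual addresses.
        self.blacklist: Set[IPAddress] = {ipaddress.ip_address(a) for a in blacklist}
        self.block_threshold = block_threshold
        self.blacklist_threshold = blacklist_threshold
        self.failures: Dict[IPAddress, int] = {}

    def in_dnb(self, addr: str) -> bool:
        """True if addr falls inside any do-not-blacklist host or subnet."""
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in self.dnb)

    def record_failure(self, addr: str) -> str:
        """Record one failed login and return the resulting action."""
        ip = ipaddress.ip_address(addr)
        # Blacklist wins: an explicitly blacklisted host stays blacklisted
        # even when a DNB subnet covers it.
        if ip in self.blacklist:
            return "blacklisted"
        count = self.failures.get(ip, 0) + 1
        self.failures[ip] = count
        # Promotion to the persistent blacklist is skipped for DNB matches.
        if count >= self.blacklist_threshold and not self.in_dnb(addr):
            self.blacklist.add(ip)
            return "blacklisted"
        # Temporary blocks still apply to everyone, DNB included.
        if count >= self.block_threshold:
            return "blocked"
        return "allowed"

    def startup_rules(self) -> List[str]:
        """Addresses to re-insert into the firewall at restart: blacklist only."""
        return sorted(str(ip) for ip in self.blacklist)


if __name__ == "__main__":
    # Constructed scenario: a customer subnet on the DNB list, one host in
    # that subnet explicitly blacklisted, and an unrelated outside host.
    policy = BlockPolicy(do_not_blacklist=["192.0.2.0/24"], blacklist=["192.0.2.99"])
    print("192.0.2.99:", policy.record_failure("192.0.2.99"))
    print("192.0.2.10:", [policy.record_failure("192.0.2.10") for _ in range(6)])
    print("198.51.100.7:", [policy.record_failure("198.51.100.7") for _ in range(6)])
    print("rules at restart:", policy.startup_rules())
```

Running it shows the DNB customer at 192.0.2.10 being blocked from the third failure on but never promoted, the explicitly blacklisted 192.0.2.99 staying blacklisted despite the covering DNB subnet, and only the two blacklisted hosts appearing in the restart rules.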