Menu
▾
▴
Re: [SSHGuard-users] Dynamic whitelisting IPs (Dialup/ADSL/mobile users)
|
From: hvjunk <hv...@gm...> - 2018-07-23 12:44:26
|
> On 23 Jul. 2018, at 14:36 , hvjunk <hv...@gm...> wrote: > > Good day, > > Other than an update of the whitelist file, and restarting sshguard (with all the current blocks being removed), is there another mechanism to dynamically update whitelist IPs? > > The “challenge” is that I have dynamically assigned IPs, like mobile devices, that have (for various reasons) trigged the sshguard blocking. I could do the updates of the whitelist file in some way out of band, but the problem is the current blocks are then removed and “forgotten”, which I would prefer not to happen, and I don’t want to open up/whitelist /16 sized netblocks to not restart the sshguard process. > > Perhaps would the developers accept a “sshguard-control” type API/interface/program pull request? After I sent this, I saw the source code also makes use of ipset(s), and I wondered perhaps to change the sshguard rules, to also have a whitelist, together with the blacklist that would be bypassing the sshguard block chain? |
