Menu
▾
▴
Re: [SSHGuard-users] Blacklist behaviour with hell list
|
From: kaycee gb <kis...@ho...> - 2021-05-06 12:43:57
|
Sorry forgot the list in first reply. Le Thu, 6 May 2021 00:46:25 +0300, Christos Chatzaras <ch...@cr...> a écrit : > > On 6 May 2021, at 00:08, Kevin Zheng <kev...@gm...> wrote: > > > > Hi there, > > > > On 5/5/21 12:44 PM, kaycee gb wrote: > [...] > [...] > [...] > > > > SSHGuard assumes that nobody else is changing the firewall rules under its > > control while it is running. Under this assumption, it should not be > > possible for an attacker who is blacklisted to show up again. If this does > > happen, SSHGuard's current behavior is to warn about it without re-blocking > > the attacker. > > > > Perhaps this behavior should change. > > > > I believe the way it works now is correct. > > If you manually remove the IP from firewall table but keep the IP in > blacklist.db if you reload sshguard it will block it again. > > So why not remove the IP from blacklist.db and then reload sshguard? I for example do not want to loose the score tracking for other attackers when releasing one ip ;) K. |
