From: Kevin B. <kev...@gm...> - 2022-10-14 02:17:25
On 2022/10/14 03:27, kaycee gb wrote:
>
> It may be related to an "issue" I had with blacklisted addresses. In my
> workflow, I unblacklist/free addresses after some time from firewall. Initially
> I had problems to make it work correctly because SSHGuard does not release IP's
> counters for blocked IP's (temporarily or forever). I think I talked about that
> here some time ago.

Cheers for the pointer: I have now found that thread.

It sounds as though the fact that we haven't restarted SSHGuard in some time, but merely removed "erroneous" entries from the blacklist DB, and removed the IPTables rule, so as to permit an IP address access again, will see SSHGuard storing details about the IP address from "way back when".

Basically then, we can ignore the "after 3 abuses over 9652777 secs" part, as it has nothing to do with the application of the block, which has resulted from the "4 attacks in 6 secs" monitoring?