Re: portsentry only blocking once - need to restart

To: debian-user@lists.debian.org
Subject: Re: portsentry only blocking once - need to restart
From: "Todd A. Jacobs" <nospam@codegnome.org>
Date: Sat, 7 May 2005 15:36:55 -0700
Message-id: <[🔎] 20050507223655.GA6257@penguin.codegnome.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 200505072219.48789.gissmoh@gmx.de>
References: <[🔎] 200505072219.48789.gissmoh@gmx.de>

On Sat, May 07, 2005 at 10:19:48PM +0200, Jochen Kaechelin wrote:
> A bug or a feature?

Probably a feature. My educated guess is that the IP is being added to
portsentry.ignore after being dropped, and that file is only cleared
when restarting the daemon.

It seems like you might get friendly hosts blocked from time to time,
and you shouldn't have to restart the daemon to unblock them; just add
them to the permanent ignore list and remove the offending entry in
iptables while portsentry continues to run, which is pretty much the
default behavior you're seeing.

You could probably make a case for it being a bug, since other
activities may flush iptables (e.g. firewall restarts when changing
IPs), but I can't envision a scenario where it's considered significant
offhand.

-- 
Find my Techno-Geek Journal at http://www.codegnome.org/geeklog/

Reply to:

References:
- portsentry only blocking once - need to restart
  - From: Jochen Kaechelin <gissmoh@gmx.de>

Prev by Date: folder display order in mutt
Next by Date: root partition 76% after sarge upgrade
Previous by thread: portsentry only blocking once - need to restart
Next by thread: suddenly, strange segfaults, kernel logs
Index(es):
- Date
- Thread