From: "J. Bakshi" <joydeep@infoservices.in>
To: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Cc: netfilter@vger.kernel.org
Subject: Re: How to view blacklist ip ?
Date: Mon, 07 Sep 2009 14:50:30 +0530 [thread overview]
Message-ID: <4AA4D05E.5050909@infoservices.in> (raw)
In-Reply-To: <4AA4C3B8.7080309@infoservices.in>
J. Bakshi wrote:
> Pascal Hambourg wrote:
>
>> J. Bakshi a écrit :
>>
>>
>>> # cat /proc/net/ipt_recent/blacklist
>>>
>>> src=183.131.207.0 ttl: 0 last_seen: 4298214902 oldest_pkt: 1 4298214902
>>> src=240.168.95.31 ttl: 0 last_seen: 4298214902 oldest_pkt: 1 4298214902
>>>
>>>
>> [...]
>>
>>
>>> And If I try to remove a line it reports
>>>
>>> ```````````````
>>> WARNING: The file has been changed since reading it!!!
>>> Do you really want to write to it (y/n)?
>>> `````````````````
>>>
>>> A yes puts me again into the file. and it is recursive.
>>>
>>>
>> You are not supposed to open this pseudo-file and remove lines with a
>> text editor, you are supposed to *write* commands (e.g. with echo) into
>> it as indicated in the manpage. This is not a real file but an interface
>> to the kernel.
>>
>>
>
> Hello,
>
> Yes, I have found the specific section in the man page and it is
> successully do the job as described. Now I can modify my script
> accordingly to do the job.
> Thanks a lot for he right direction.
> wish you a nice time.
>
>
Hello Pascal,
I don't know if I should create a new thread or continue with this one.
But this is a new issue though a continuation of ipt_recent and blacklist.
My script to show the blacklisted ip is running well. During my
experiment with blacklist I have found that blacklisted ips are still
there at
/proc/net/ipt_recent/blacklist
Even after the blacklist interval the client can access the server
successfully; the server still shows the client ip as blacklisted.
Definately the ip can be removed or "clear" as described in the man page
but storing the ip permanently at /proc/net/ipt_recent/blacklist is
very confusing. How can you then check if the ip is still blacklisted
or able to communicate with the server in real-life ?
next prev parent reply other threads:[~2009-09-07 9:20 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-07 5:57 How to view blacklist ip ? J. Bakshi
2009-09-07 6:01 ` Anatoly Muliarski
2009-09-07 6:09 ` J. Bakshi
2009-09-07 7:33 ` Pascal Hambourg
2009-09-07 7:43 ` J. Bakshi
2009-09-07 7:59 ` J. Bakshi
2009-09-07 8:14 ` Pascal Hambourg
2009-09-07 8:26 ` J. Bakshi
2009-09-07 9:20 ` J. Bakshi [this message]
2009-09-07 10:34 ` Pascal Hambourg
2009-09-07 10:47 ` J. Bakshi
2009-09-07 11:14 ` Pascal Hambourg
2009-09-07 12:20 ` J. Bakshi
2009-09-07 18:37 ` Anatoly Muliarski
2009-09-08 4:35 ` J. Bakshi
2009-09-08 5:28 ` J. Bakshi
2009-09-08 7:48 ` Anatoly Muliarski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AA4D05E.5050909@infoservices.in \
--to=joydeep@infoservices.in \
--cc=netfilter@vger.kernel.org \
--cc=pascal.mail@plouf.fr.eu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.