
List:       sentry
Subject:    Re: [Abacus] Can't Unblock an IP Address!
From:       "Michael H. Warfield" <mhw () wittsend ! com>
Date:       2001-05-18 5:13:28

On Thu, May 17, 2001 at 09:27:34PM -0400, mike wrote:
> Hi Everyone,

> I am new to the list, and having a little problem with portsentry, and
> I'm hoping you all can help.

> I am trying to unblock an IP that was accidentally blocked. I have
> removed its entries from the portsentry.history file, added it to the
> portsentry.ignore file, and restarted the server. However, the user is
> still being blocked. Any ideas?

	Here is the script that I use.  It extracts the kill command
from the portsentry.conf file and "reverses" it to delete it.  Then
it deletes the entry from hosts.deny.  Still needs work.  Has hooks
for ipfwadm and netfilter, but currently only works with ipchains.

> -- 
> Thank You...

> mike 
> mailto:jns-michael@home.com

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

====== portsentry.unblock ======

#!/bin/sh -
# Unblock some address that's previously been blocked...

if test "$1" = "" ; then
	echo 'What would you like me to unblock?'
	exit 255
fi

# Require at least one digit in each octet; "[0-9]*" alone would accept "...".
if test `expr "$1" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$'` = 0 ; then
	echo "Unable to gronk the address to be unblocked: $1"
	exit 255
fi

# Set up some "fake" variable substitutions so we can preserve the variables
# in the config file...

ADDRESS=$1
TARGET='$TARGET'
PORT='$PORT'

# For firewall work, we really need an SADDR SPORT DADDR and DPORT

. /usr/local/psionic/portsentry/portsentry.conf

if test "$KILL_ROUTE" != "" ; then
	# This needs to vary depending on the command...
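	# Substitute the address for the literal $TARGET$ placeholder.
	B_COMMAND=`echo $KILL_ROUTE | sed -e 's/$TARGET\\$/'$ADDRESS/g`
	# Reduce the command to its basename (e.g. /sbin/ipchains -> ipchains).
	COMMAND=`echo $B_COMMAND | sed -e 's/ .*//' -e 's/.*\///'`
	case "$COMMAND" in
	ipchains)
		# Drop the insert/append flag and put -D (delete) after the command.
		U_COMMAND=`echo $B_COMMAND | sed -e 's/-I//' -e 's/-A//' -e 's/ / -D /'`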
		;;
	ipfwadm)
		;;
	netfilter)
		;;
	*)
		;;
	esac

	if test "$U_COMMAND" != "" ; then
		echo executing $U_COMMAND
		$U_COMMAND
	fi
fi

if test "$KILL_HOSTS_DENY" != "" ; then
	DENY=`echo $KILL_HOSTS_DENY | sed -e 's/$TARGET\\$/'$ADDRESS/g`

	echo Removing $DENY

	# We need a way to atomically remove the DENY line from hosts.deny...
	# This one is prone to error if we block something at the same time
	# we are unblocking...  Maybe a lock file?
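	# Escape the dots and anchor the pattern so that only the exact line
	# is removed (unblocking 1.2.3.4 must not also remove 1.2.3.40).
	DENY_RE=`echo "$DENY" | sed -e 's/\./\\\\./g'`
	sed -e "/^$DENY_RE\$/d" < /etc/hosts.deny > /etc/hosts.deny-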

	if cmp -s /etc/hosts.deny /etc/hosts.deny- ; then
		rm /etc/hosts.deny-
	else
		mv /etc/hosts.deny- /etc/hosts.deny
	fi
fi

DATE=`date '+%s - %m/%d/%Y %T'`

echo "$DATE Host: $ADDRESS/$ADDRESS Unblocked" >> /usr/local/psionic/portsentry/portsentry.history
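
Added example (not part of the original message or of portsentry): one way to do the hosts.deny removal that the script's comment asks for, with a mkdir lock, a same-directory rename, and the deny line matched as an exact fixed string. The function names, the ".lock" path and the sample addresses are assumptions, and the lock only protects against writers that take the same lock.

```sh
#!/bin/sh
# remove_deny_line FILE LINE
# Returns 0 if LINE was removed, 1 if it was not present, 2 if the lock is busy.
remove_deny_line() {
	file=$1
	line=$2
	lock="$file.lock"	# assumed lock path; every writer must honour it
	tmp="$file.new.$$"	# same directory, so mv is an atomic rename

	# mkdir either creates the lock directory or fails, never both.
	tries=0
	until mkdir "$lock" 2>/dev/null ; do
		tries=`expr $tries + 1`
		if test $tries -ge 5 ; then
			return 2
		fi
		sleep 1
	done

	rc=1
	# -F: fixed string, so dots are not wildcards; -x: the whole line must match.
	if grep -F -x -q -e "$line" "$file" ; then
		# cp -p first so the replacement keeps the original owner and mode.
		# grep -v exits 1 when nothing is left, which is still a success here.
		if cp -p "$file" "$tmp" &&
		   { grep -F -x -v -e "$line" "$file" > "$tmp" ; test $? -le 1 ; } ; then
			mv "$tmp" "$file" && rc=0
		fi
	fi
	rm -f "$tmp"
	rmdir "$lock"
	return $rc
}

# Constructed sample: three deny lines, two of which share a prefix.
demo() {
	dir=`mktemp -d` || return 1
	printf 'ALL: 192.0.2.4\nALL: 192.0.2.40\nALL: 198.51.100.7\n' > "$dir/hosts.deny"
	remove_deny_line "$dir/hosts.deny" "ALL: 192.0.2.4"
	status=$?
	cat "$dir/hosts.deny"
	rm -rf "$dir"
	return $status
}

demo
```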
