[prev in list] [next in list] [prev in thread] [next in thread]
List: sentry
Subject: Re: [Abacus] Can't Unblock an IP Address!
From: "Michael H. Warfield" <mhw () wittsend ! com>
Date: 2001-05-18 5:13:28
[Download RAW message or body]
On Thu, May 17, 2001 at 09:27:34PM -0400, mike wrote:
> Hi Everyone,
> I am new to the list, and having a little problem with portsentry, and
> I'm hoping you all can help.
> I am trying to unblock an IP that was accidentally blocked. I have
> removed its entries from the portsentry.history file, added it to the
> portsentry.ignore file, and restarted the server. However, the user is
> still being blocked. Any ideas?
Here is the script that I use. It extracts the kill command
from the portsentry.conf file and "reverses" it to delete it. Then
it deletes the entry from hosts.deny. Still needs work. Has hooks
for ipfwadm and netfilter, but currently only works with ipchains.
> --
> Thank You...
> mike
> mailto:jns-michael@home.com
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
====== portsentry.unblock ======
#!/bin/sh -
# Unblock some address that's been previously been blocked...
if test "$1" = "" ; then
echo 'What would you like me to unblock?'
exit 255
fi
if test `expr "$1" : '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*$'` = 0 ; then
echo "Unable to gronk the address to be unblocked: $1"
exit 255
fi
# Set up some "fake" variable substitions so we can preserve the variables
# in the config file...
ADDRESS=$1
TARGET='$TARGET'
PORT='$PORT'
# For firewall work, we really need an SADDR SPORT DADDR and DPORT
. /usr/local/psionic/portsentry/portsentry.conf
if test "$KILL_ROUTE" != "" ; then
# This needs to vary depending on the command...
B_COMMAND=`echo $KILL_ROUTE | sed -e 's/$TARGET\\$/'$ADDRESS/g`
COMMAND=`echo $B_COMMAND | sed -e 's/ .*//' -e 's/.*\///'`
case "$COMMAND" in
ipchains)
U_COMMAND=`echo $B_COMMAND | sed -e 's/-I//' -e 's/-A//' -e 's/ / -D /'`
;;
ipfwadm)
;;
netfilter)
;;
*)
;;
esac
if test "$U_COMMAND" != "" ; then
echo executing $U_COMMAND
$U_COMMAND
fi
fi
if test "$KILL_HOSTS_DENY" != "" ; then
DENY=`echo $KILL_HOSTS_DENY | sed -e 's/$TARGET\\$/'$ADDRESS/g`
echo Removing $DENY
# We need a way to atomically remove the DENY line from hosts.deny...
# This one is prone to error if we block something at the same time
# we are unblocking... Maybe a lock file?
sed -e "/$DENY/d" < /etc/hosts.deny > /etc/hosts.deny-
if cmp -s /etc/hosts.deny /etc/hosts.deny- ; then
rm /etc/hosts.deny-
else
mv /etc/hosts.deny- /etc/hosts.deny
fi
fi
DATE=`date '+%s - %m/%d/%Y %T'`
echo "$DATE Host: $ADDRESS/$ADDRESS Unblocked" >> /usr/local/psionic/portsentry/portsentry.history
_______________________________________________
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic