Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I just installed PortSentry on a test server and then tried to attack it from another workstation. PortSentry performed well and blocked all the scans there-after by adding a line the portsentry.blocked file and adding an iptables rule. (I'm using the standard PortSentry conf file.)
I'm not running iptables on this server so I know that had no effect, but I've tried to remove the entry in the portsentry.blocked file and it still won't allow me access to the server again from my workstation. I restarted portsentry afterwards and it still didn't reallow access. Only restarting the entire server would allow me to work from the attacking workstation again. What do I need to do to reallow access in the future without restarting the entire server?
I've read plenty about PortSentry, but nothing on how to remove accidental IP blocks .
did you restart iptables after removing the rule? This will make it flush the rules and reread them
service iptables restart
You can always do
iptables -nL --line-numbers
to get a list of current rules to make sure they are no longer being used.
If they are, you can delete the respective line with
iptables -D INPUT 3
for example
I'm pretty sure I have a good grip on that biting thing.
I didn't think to restart because I knew I didn't have iptables running. As a check I did try to flush the new rule, but as expected, it just threw an errer about iptables not running.
The iptables rule is just part of the sample portsentry.conf file that I just didn't remove.
I went through hosts.deny, the portsentry blocking file, and tried to flush the iptables rules and the portsentry file was the only one that had been changed so I know the only thing that was blocking the address was portsentry. I did delete the entry and tried to restart but no luck. Still blocked.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.