Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Be careful | 10 comments | Create New Account
Click here to return to the 'Be careful' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Be careful
Authored by: Jeff Thompson on Sep 23, '02 12:35:08PM

Yeah, I've had other system admins advise me of the same thing. What they suggest is that you clear out your deny list every so often to allow people, who have since removed these virii, to get back into your web site. An even better option would be to create a rolling window of "denied" sites based on the date they were added, but IPFW doesn't support this (that I'm aware of) so an external list would need to be maintained.

IF you want to clear out ALL of the denied sites from your IPFW "deny list" use the following (wrmclr) shell script (same notes apply to this as the wrmblk shell script):

#!/bin/sh
# ----------------------------------------------------------------------------
# WRMCLR - Copyright 2002, Jeff Thompson
# ----------------------------------------------------------------------------
# CLEAR IPFW DENY list
# ----------------------------------------------------------------------------

echo WRMCLR - Clear Nimda/CodeRed DENY List
echo -------------------------------------------------------------------------
ipfw list | grep 'deny ip from *.*.*.* to any' |
awk '{print $1}' | sort -n | uniq |
while read rulez
do
echo Removing $rulez from IPFW deny list
ipfw delete $rulez >/dev/null
done



[ Reply to This | # ]