On Sat, May 07, 2005 at 10:19:48PM +0200, Jochen Kaechelin wrote:
> A bug or a feature?

Probably a feature. My educated guess is that the IP is being added to portsentry.ignore after being dropped, and that file is only cleared when restarting the daemon.

It seems like you might get friendly hosts blocked from time to time, and you shouldn't have to restart the daemon to unblock them; just add them to the permanent ignore list and remove the offending entry in iptables while portsentry continues to run, which is pretty much the default behavior you're seeing.

You could probably make a case for it being a bug, since other activities may flush iptables (e.g. firewall restarts when changing IPs), but I can't envision a scenario where it's considered significant offhand.

-- 
Find my Techno-Geek Journal at http://www.codegnome.org/geeklog/