> I use PortSentry which works great, and helps to keep out
> the little buggers.  Problem is that sometimes that bugger
> is me coming in from a new machine to test with. Once I do,
> that machine is now banned via
>     /sbin/route add -host 1.2.3.4 reject
>
> How do I un-do the route command to allow access again ?

I had the same problem, and I did figure it out in the end (damned if I can
remember now though!), but I later realised that using route to block
attackers is not the best option that you have with PortSentry. You'd be
better off to configure PortSentry to use ipchains rather than route as that
will drop all packets from the attacker as they ARRIVE rather than blocking
the response.

In /etc/portsentry/portsentry.conf (well that's where mine is anyway) change
the KILL_ROUTE setting to look like this:

KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY -l"

It's much more secure than using reject routes, and much easier to remove in
case of an error :-)

HTH

Tony
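
For the question quoted at the top of this message, both kinds of block are undone with the matching delete command. The script below is an added example, not part of the message above or of PortSentry; its function names are hypothetical, and it assumes net-tools route and ipchains live in /sbin and that the delete arguments mirror the add arguments shown in this thread.

```shell
#!/bin/sh
# Added example: undo a PortSentry block for one IPv4 address.
# Covers the two KILL_ROUTE forms shown in this thread (route reject, ipchains DENY).

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
# The address ends up on a root command line, so reject anything else.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the command that reverses the block.
# $1 = method (route|ipchains), $2 = address that was banned.
unblock_cmd() {
    valid_ipv4 "$2" || { echo "invalid IPv4 address: $2" >&2; return 2; }
    case "$1" in
        route)    echo "/sbin/route del -host $2 reject" ;;
        # ipchains -D must repeat the rule exactly as it was inserted, -l included.
        ipchains) echo "/sbin/ipchains -D input -s $2 -j DENY -l" ;;
        *)        echo "unknown method: $1" >&2; return 2 ;;
    esac
}

# Dry run by default; pass --apply as the third argument to execute (as root).
unblock() {
    cmd=$(unblock_cmd "$1" "$2") || return $?
    if [ "${3:-}" = "--apply" ]; then
        $cmd
    else
        echo "would run: $cmd"
    fi
}

# Stand-alone use: sh unblock.sh ipchains 1.2.3.4 [--apply]
if [ "$#" -ge 2 ]; then
    unblock "$@"
fi
```
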

