remove entries from csf.deny from command line

Zeth · Post by **Zeth** » 29 Mar 2007, 23:14

Hello,
I believe a very handy thing would be a command line option in csf for removing a certain ip from the csf.deny file.

brianoz · Post by **brianoz** » 03 Jun 2007, 02:32

CSF already has this!

csf -a IP

deviancelabs · Post by **deviancelabs** » 04 Jun 2007, 13:02

The command

Code: Select all

csf -a IP

adds an IP to csf.allow which is not the same as removing an IP from csf.deny. read the instructions again.

I too agree with Zeth that such an option would be really handy sometimes.

brianoz · Post by **brianoz** » 04 Jun 2007, 13:12

deviancelabs wrote:The command
Code: Select all
csf -a IP
adds an IP to csf.allow which is not the same as removing an IP from csf.deny. read the instructions again.

I too agree with Zeth that such an option would be really handy sometimes.

Such an option would be useful, which is why Chirpy actually did add that functionality to csf -a some time ago. There was a time early in the life of csf where it did the same thing as apf, but now if you add something that's blocked it will unblock it and add it to the allow list; and the other way around as well.

Here's the proof if you're skeptical.

Code: Select all

[minka:~]# cd /etc/csf
[minka:/etc/csf]# csf -d 192.168.168.168
Adding 192.168.168.168 to csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  192.168.168.168  -> 0.0.0.0/0
DROP  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.168.168
[minka:/etc/csf]# grep  192.168.168.168 *
csf.deny:192.168.168.168 # Manually denied - Mon Jun  4 22:08:19 2007
[minka:/etc/csf]# csf -a 192.168.168.168
Removing 192.168.168.168 from csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  192.168.168.168  -> 0.0.0.0/0
DROP  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.168.168
Adding 192.168.168.168 to csf.allow and iptables ACCEPT...
ACCEPT  all opt -- in !lo out *  192.168.168.168  -> 0.0.0.0/0
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.168.168
[minka:/etc/csf]# grep  192.168.168.168 *
csf.allow:192.168.168.168 # Manually allowed - Mon Jun  4 22:08:41 2007
[minka:/etc/csf]#

deviancelabs · Post by **deviancelabs** » 04 Jun 2007, 13:20

brianoz: you haven't notice the slight difference between whitelisting an IP and removing it from the blacklist.
While I agree that what you said is accurate, I need to point out that there are cases where an IP gets blacklisted and I simply want to remove it from the blacklist (using the command line) but not necessarly add it to the whitelist. I believe that this is what Zeth was referring to when he made this suggestion.

brianoz · Post by **brianoz** » 04 Jun 2007, 13:43

Nine times out of 10 if I want to remove an IP from the deny list I want to make sure it doesn't get added again, ie whitelist it.

Granted, it's not quite the same as just removing; but then your post implied that the -a option didn't remove the IP from the deny list and it does!

deviancelabs · Post by **deviancelabs** » 04 Jun 2007, 14:20

Dude, I'm not arguing what you want to do 9 times out 10 and I don't know what your needs are when it comes to using CSF. Also I'm not going to analyze my or others posts to discover some hidden meanings or what they imply and what they don't. If it happened that you misunderstood what this threads suggested, well...you are the only one so far.

And getting back to Zeth's original post:

a very handy thing would be a command line option in csf for removing a certain ip from the csf.deny file

I think further comments on this would be unnecessary at this point.