Page 1 of 1
lfd: ignore with service
Posted: 18 Jul 2007, 12:31
by lehels
Ok, we have now: Lfd Ignore,
"The following IP addresses will be ignored by all lfd checks."
Would it be possible to ignore an IP, with a specific service,
ex.: we have an IP, wich wants to connect more than 75times/hour to POP3, it is not an ultima solution to ignore the IP at all lfd checks,
like: pop3:IP
or there is an alternative solution for this?
Posted: 19 Jul 2007, 01:25
by bloggerman
lehels wrote:Ok, we have now: Lfd Ignore,
"The following IP addresses will be ignored by all lfd checks."
Would it be possible to ignore an IP, with a specific service,
ex.: we have an IP, wich wants to connect more than 75times/hour to POP3, it is not an ultima solution to ignore the IP at all lfd checks,
like: pop3:IP
or there is an alternative solution for this?
Yeah I would think here:
Edit the Process Tracking ignore file - all listed usernames and files will be ignored by lfd
# exe:/full/path/to/file
# user:username
# cmd:command line
#
# It is strongly recommended that you use command line ignores very carefully
# as any process can change what is reported to the OS.
See where it says cmd: and exe: ? However seems you are trying to say hey filter this service to this IP (ONLY) right?
Posted: 19 Jul 2007, 17:30
by deadeye
I don't know if this will work in lfd ignore, but you might give it a try. I know this format works in Firewall Deny IP's.
tcp/udp:in/out:s/d=port:s/d=ip
example to block port 110 (pop3)
tcp:in:d=110:s=192.168.1.1
Charles
Posted: 20 Jul 2007, 10:41
by chirpy
That won't work. There's only functionality at present to ignore an IP for all lfd blocks.