
Wondering if this is a bug

Posted: 21 Nov 2007, 21:21
by arteryplanet
I have had it configured for some time now to only block the specific service, but there have been many clients who contacted me saying they are blocked on the entire server. Even if they only attempted to log in many times through FTP, it looks like they are being blocked on the entire server. Any idea?

I have:

LF_TRIGGER =0
LF_TRIGGER_PERM =1
LF_SELECT =1

and for the service, for example:
LF_FTPD =8
LF_FTPD_PERM =3600

Thank you in advance!

Posted: 27 Nov 2007, 20:43
by arteryplanet
Anyone have any idea about this?

Posted: 08 Dec 2007, 16:33
by arteryplanet
Any idea about this, chirpy?

Thanx!

Posted: 09 Dec 2007, 11:26
by sdjl
The way the blocking works is you can set up a temporary block by setting LF_TRIGGER to 0.
It then takes into account how many attempts you want each service to permit and how long the block should be for. It won't block you from just that service, but the entire server.

David

Posted: 09 Dec 2007, 14:38
by arteryplanet
Hi, thanx for the reply, but as far as I can read and understand the following:

# To only block access to the failed application instead of a complete block
# for an ip address, you can set the following to "1", but LF_TRIGGER must be
# set to "0" with specific application[*] trigger levels also set


It should block the access to that specific service and not the entire server.

So I hope Chirpy sees this and gives us a clarification about it.

Thanx!

Posted: 10 Dec 2007, 10:22
by chirpy
Your configuration should be correct (I presume that you do actually have double-quotes around those values in your csf.conf file as you haven't shown them here).

When they're blocked, what do you see with:

csf -t

As it ought to show the IP blocked only on the specific port and not an *
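
Added example, not part of the thread and not csf's own code: a small Python check for the two things raised above, namely that LF_SELECT set to 1 needs LF_TRIGGER at 0 plus an application trigger level, and that values are written in double quotes. The sample text is constructed from the lines in the first post; the function names, the `services` parameter, and treating a missing or "0" application level as "not set" are assumptions.

```python
import re

# Constructed sample (not a real csf.conf): two lines unquoted, as in the first post.
SAMPLE = '''\
# constructed sample
LF_TRIGGER =0
LF_TRIGGER_PERM =1
LF_SELECT = "1"
LF_FTPD = "8"
LF_FTPD_PERM = "3600"
'''

# NAME = value, with optional whitespace around the equals sign.
LINE = re.compile(r'^\s*([A-Z][A-Z0-9_]*)\s*=\s*(.*?)\s*$')


def parse(text):
    """Return ({name: value}, [names whose value is not double-quoted])."""
    settings, unquoted = {}, []
    for raw in text.splitlines():
        if raw.lstrip().startswith('#'):
            continue  # comment line
        m = LINE.match(raw)
        if not m:
            continue  # blank or unrelated line
        name, value = m.groups()
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        else:
            unquoted.append(name)
        settings[name] = value
    return settings, unquoted


def check_select(text, services=("LF_FTPD",)):
    """List findings that would undermine per-application blocking."""
    settings, unquoted = parse(text)
    findings = [f"{n}: value is not in double quotes" for n in unquoted]
    if settings.get("LF_SELECT") == "1":
        if settings.get("LF_TRIGGER") != "0":
            findings.append("LF_SELECT is 1 but LF_TRIGGER is not 0")
        for svc in services:
            # Assumption: a missing, empty or "0" level means no trigger is set.
            if settings.get(svc, "0") in ("", "0"):
                findings.append(f"{svc}: no application trigger level set")
    return findings


if __name__ == "__main__":
    print("\n".join(check_select(SAMPLE)) or "no findings")
```

To run it against a live file, pass the file's contents to `check_select` and list the per-service settings in use in `services`.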