lfd: ignore with service

lehels
Junior Member
Posts: 27
Joined: 09 Jul 2007, 07:58

Post by lehels »

Ok, we have now: Lfd Ignore,
"The following IP addresses will be ignored by all lfd checks."

Would it be possible to ignore an IP, with a specific service,

ex.: we have an IP, which wants to connect more than 75 times/hour to POP3, it is not an ultima solution to ignore the IP at all lfd checks,

like: pop3:IP

or is there an alternative solution for this?
bloggerman
Junior Member
Posts: 25
Joined: 20 Jan 2007, 04:26

Post by bloggerman »

lehels wrote:
Ok, we have now: Lfd Ignore,
"The following IP addresses will be ignored by all lfd checks."

Would it be possible to ignore an IP, with a specific service,

ex.: we have an IP, which wants to connect more than 75 times/hour to POP3, it is not an ultima solution to ignore the IP at all lfd checks,

like: pop3:IP

or is there an alternative solution for this?

Yeah, I would think here:

Edit the Process Tracking ignore file - all listed usernames and files will be ignored by lfd
# exe:/full/path/to/file
# user:username
# cmd:command line
#
# It is strongly recommended that you use command line ignores very carefully
# as any process can change what is reported to the OS.

See where it says cmd: and exe:? However, it seems you are trying to say "hey, filter this service to this IP (ONLY)", right?
deadeye
Junior Member
Posts: 61
Joined: 05 Jan 2007, 04:35

Post by deadeye »

I don't know if this will work in lfd ignore, but you might give it a try. I know this format works in Firewall Deny IPs.

tcp/udp:in/out:s/d=port:s/d=ip

example to block port 110 (pop3)
tcp:in:d=110:s=192.168.1.1

Charles
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

That won't work. There's only functionality at present to ignore an IP for all lfd blocks.
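
The filter format deadeye quotes for Firewall Deny IPs (which, per the reply above, does not apply to lfd ignore) can be checked before a line goes into a deny list. This is an added example, not part of the thread and not csf/lfd code; it covers only the four-field colon form shown in that post, and `parse_filter` and `describe` are hypothetical helper names.

```python
import ipaddress

PROTOCOLS = {"tcp", "udp"}
DIRECTIONS = {"in": "inbound", "out": "outbound"}
SIDES = {"s": "source", "d": "destination"}


def _side_value(field, what):
    """Split 's=<value>' or 'd=<value>' into (side name, value)."""
    side, sep, value = field.partition("=")
    if sep != "=" or side not in SIDES or not value:
        raise ValueError(f"{what} field must be s=<{what}> or d=<{what}>: {field!r}")
    return SIDES[side], value


def parse_filter(line):
    """Parse 'tcp/udp:in/out:s/d=port:s/d=ip' into a dict; raise ValueError if malformed."""
    fields = line.strip().split(":")
    # Colon-separated, so only IPv4 addresses fit this form (assumption of this example).
    if len(fields) != 4:
        raise ValueError(f"expected 4 colon-separated fields, got {len(fields)}")
    proto, direction, port_field, ip_field = fields
    if proto not in PROTOCOLS:
        raise ValueError(f"protocol must be tcp or udp: {proto!r}")
    if direction not in DIRECTIONS:
        raise ValueError(f"direction must be in or out: {direction!r}")
    port_side, port_text = _side_value(port_field, "port")
    if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
        raise ValueError(f"port must be 1-65535: {port_text!r}")
    ip_side, ip_text = _side_value(ip_field, "ip")
    address = ipaddress.IPv4Address(ip_text)  # raises ValueError on a bad address
    return {"protocol": proto, "direction": direction,
            "port_side": port_side, "port": int(port_text),
            "ip_side": ip_side, "ip": str(address)}


def describe(rule):
    """Render a parsed rule in words, so a swapped s/d is easy to spot in review."""
    return (f"{rule['protocol']} {DIRECTIONS[rule['direction']]}, "
            f"{rule['port_side']} port {rule['port']}, "
            f"{rule['ip_side']} address {rule['ip']}")


if __name__ == "__main__":
    # The example line from the thread: POP3 (port 110) from one source address.
    print(describe(parse_filter("tcp:in:d=110:s=192.168.1.1")))
```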