Hey guys,
I'm on dialup for a lot of my time and use rather large deny lists (1000+ IPs). When removing a banned IP, it takes a long time to upload the new deny list, as well as to display the full ruleset when flushing/restarting the firewall (20+ seconds at times).
I just thought it would be most convenient to be able to remove an IP from iptables without having to flush everything.
Maybe an "unban" field in the csf web GUI?
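As an added example (not part of the original post, and not csf's own code): a POSIX shell helper that derives the exact `iptables -D` command for one IP from an `iptables -S` listing, so that single rule can be deleted in place instead of flushing the firewall and re-uploading the whole deny list. The chain name INPUT and the rule listing below are constructed for the demonstration; csf keeps its deny rules in its own chains, so substitute the chain the rules actually live in. `iptables -D` only matches a rule whose specification is identical, which is why the command is built from the live listing rather than typed by hand.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` output (not taken from the post).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -s 203.0.113.5/32 -j DROP
-A INPUT -s 198.51.100.7/32 -j DROP
-A INPUT -s 203.0.113.9/32 -j DROP'

# unban_cmds IP RULE_LISTING
# Emits one `iptables -D ...` line for the first -A rule whose -s matches
# IP (with or without a /32 suffix). Nothing is printed when no rule
# matches, so piping the output to sh is safe in that case too.
unban_cmds() {
    ip="$1"
    rules="$2"
    printf '%s\n' "$rules" | awk -v ip="$ip" '
        $1 == "-A" {
            for (i = 2; i <= NF; i++) {
                if ($i == "-s" && ($(i+1) == ip || $(i+1) == ip "/32")) {
                    sub(/^-A/, "iptables -D")   # same spec, delete instead of append
                    print
                    break
                }
            }
        }'
}

# Live usage (needs root; assumed chain name INPUT):
#   unban_cmds 203.0.113.5 "$(iptables -S INPUT)" | sh
# Offline demonstration against the constructed listing:
unban_cmds 203.0.113.5 "$SAMPLE_RULES"
```

Deleting the one rule this way leaves the other thousand entries untouched and costs a single iptables call; the deny file still has to be edited so the IP does not come back on the next csf restart.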
Remove Blocked IP Without Reloading iptables
Infopro wrote:
What about temp banning them instead, this feature is in there.

I use the tempban option for other triggers.
1000+ IPs?
Way too many, IMO.
The max number of blocked IPs changes dynamically depending on several other monitoring systems (e.g. during a DrDoS attack).
We have endured attacks consisting of more than 2000 IPs before as well; this is why the list can become so big.
And yes, I have considered banning subnets, but I rarely find more than 3 IPs from the same subnet during such attacks.