patrickmkt
Member Candidate
Topic Author
Posts: 157
Joined: Sat Jul 28, 2012 5:21 pm

action=del-src-from-address-list

Sat Oct 04, 2014 7:34 am

There are action=add-src-to-address-list and action=add-dest-to-address-list in NAT, Mangle and Filter.

How can I remove an address from a list as an action too?

Wouldn't it be nice to have also action=del-src-from-address-list and action=del-dest-from-address-list?
 
joegoldman
Long time Member
Posts: 501
Joined: Mon May 27, 2013 2:05 am

Re: action=del-src-from-address-list

Sat Oct 04, 2014 9:33 am

Explain the purpose for which you want it, and you should be able to achieve it with other firewall rules in combination.

Most importantly - add-src can have timeout so it auto-removes after a time.
 
patrickmkt
Member Candidate
Topic Author
Posts: 157
Joined: Sat Jul 28, 2012 5:21 pm

Re: action=del-src-from-address-list

Sat Oct 04, 2014 6:46 pm

I am already using the timeout option; however, I was considering using some port knocking scenario to shut down access in addition to opening it.
 
sejtam
Frequent Visitor
Posts: 66
Joined: Sun Dec 14, 2014 4:23 pm

Re: action=del-src-from-address-list

Mon Feb 09, 2015 1:39 pm

Yes, I think this would be useful for port-knocking, or when detecting that a system outside has successfully established a connection (logged in), it can be removed from the blacklist.

I do think it can be worked around by instead adding the address to a whitelist (and then possibly having a script come around every x minutes checking the whitelists and deleting the whitelisted entries from the blacklists). But that would be much more complicated and likely error-prone.
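
The whitelist-plus-script workaround described in the post above, as an added example that is not code from any poster in this thread. The list names `blacklist` and `whitelist`, the script and scheduler name `purge-whitelisted`, the `input` chain and the one-minute interval are all assumptions.

```routeros
# Added example; all names and the interval are assumptions, not from the thread.

# 1. Rule order closes the gap between script runs: an address that is on
#    both lists is accepted, because the whitelist rule is evaluated first.
#    (These are appended; move them above any existing drop rules.)
/ip firewall filter
add chain=input src-address-list=whitelist action=accept \
    comment="whitelisted sources bypass the blacklist drop"
add chain=input src-address-list=blacklist action=drop \
    comment="drop blacklisted sources"

# 2. Script: for every whitelist entry, delete blacklist entries with the
#    same address value. The comparison is exact, so a blacklist entry that
#    is a subnet or range containing the address is NOT removed.
/system script
add name=purge-whitelisted source={
    :foreach w in=[/ip firewall address-list find where list="whitelist"] do={
        :local addr [/ip firewall address-list get $w address]
        :foreach b in=[/ip firewall address-list find where \
                list="blacklist" address=$addr] do={
            /ip firewall address-list remove $b
            :log info ("purge-whitelisted: removed " . $addr . " from blacklist")
        }
    }
}

# 3. Run the script periodically ("every x minutes" in the post; 1m assumed).
/system scheduler
add name=purge-whitelisted interval=1m \
    on-event="/system script run purge-whitelisted"
```

If the whitelist entries are created with a timeout, run the script more often than that timeout; otherwise an entry can expire before its blacklist counterpart has been purged.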
