Howto remove my IP from the local blocklist #19053
Comments
|
Hello! Whitelist is placed in
Just move your IP from your local blocklist to whitelist and restart MT's sensor. |
I've found the file in /usr/local/share/maltrail/misc/whitelist.txt After that, still no internet connection when I enable the firewall rule 'block source: BlocklistMaltrail" When I disable the Firewall rule, there is internet, so my ip is not whitelisted :D |
|
@mimugmail Need your assistance a little bit. How does this work in OPNSense? |
|
It would be best to just put a firewall rule above this alias rule which accepts your IP. |
|
this is indeed (temporary) a possibility to whitelist, but then you also have no filtering in the future because you bypass eveything I think? Suppose you get a virus, the IDS is triggered.. U remove the virus, but your IP is still blocked.. Or the IDS is not triggered because your IP is whitelisted/ bypassed :) |
|
Yes, but a whitelist option in MT would also eliminate this. You have to find out the reason why you are on this list |
|
Dear, I understand the whitelist function, but when I whitelist my ip and have a real security problem in the future, it will let everything from my IP through. When I can remove the 'custom fail2ban IP's' it can block my ip in the future again when there is a real problem. |
|
So you need to know how to remove yourself from dynamically learned blacklist |
Yes indeed 🌝 |
|
OpnSense user here too, recently start to using this plugin and i can tell its awesome! Great work! |
|
1.8 is the version If the plugin, inside its 0.47 (with 22.1.10). Just add an accept rule for your IP before the drop |
|
I had a similar problem on opnsense - my way of fixing it was removing all lines with the ip in question from the logs on "per line"-basis via shell on the opnsense firewall. The command I used to do this was: (XXX.XXX.XXX.XXX was the IP in question)
With this immediately the IP was gone from maltrail gui AND /fail2ban BlocklistMaltrail URL Table Explanation - I was searching for a place where the List is beeing stored to remove the IP from the Blacklist - but then I figured out, that it's beeing created in runtime by reading the logs and the IP's that are found inside there, were used to parse the /fail2ban IP Table - so the only way I saw to remove an IP after beeing detected, was to query all Logs for it and remove them there. Hope it helps. Worked for me at least. And for those not using opnsense - keep in mind that the sed string is different for other Systems!To remove the line and print the output to standard out: To directly modify the file – does not work with BSD sed: Same, but for BSD sed (Mac OS X and FreeBSD) – does not work with GNU sed: To directly modify the file (and create a backup) – works with BSD and GNU sed: |
|
@stamparm I use the whitelist myself aswell - but when you put the IP in whitelist on opnsense, after it was already listed, it got not removed from the /fail2ban list. That's why I used the other approache - to remove the IP in runtime. After beeing put on whitelist it just stop it from beeing parsed and added to the /fail2ban list - but it didn't got removed (at least in my case) |
try the following steps it works on my opnsense firewall |
Hi,
I'm using the maltrail plugin on my OpnSense appliance.
Eveything is working lika a charm.
But after a few tests I saw that my local computer ip was also on the blocklist.
When I enable the 'block firewall rule', it will block all ip addresses on the blocklist, So also my ip.
I can Bypass it with the whitelist function, but can I remove my ip from the blocklist, so it can detect new IDS problems in the future?
(And put it back on the list when there is a new security problem)
Is there a file that I can edit?
Thank you!
The text was updated successfully, but these errors were encountered: