ossec blocked all ips? everywhere?

20 views

Skip to first unread message

unread,

Jul 11, 2017, 2:37:21 PM7/11/17

to ossec-list

is there a condition where ossec blocks all incoming connections?

unread,

Jul 12, 2017, 7:03:01 AM7/12/17

to ossec-list

I think, by default, OSSEC has the active-response for blocking an IP if an alert higher than 6 is fired. I recommend to disable this setting.

Regards.

unread,

Jul 12, 2017, 7:03:55 AM7/12/17

to ossec-list

In case that you want to block all connections, you can create an active response script to add a specific rule in iptables.

Reply all

Reply to author

Forward

0 new messages