How to force an IP address in a blacklist or a whitelist?

Either hosts.allow features or blockhosts.py command-line arguments can be used to whitelist or blacklist IP addresses.

  • Using hosts.allow. To stop blockhosts.py from being called at all for whitelisted/blacklisted addresses, use the hosts.allow whitelist/blacklist feature.

    Edit /etc/hosts.allow and, before the line where the blockhosts section starts, add your permanent whitelist and blacklist of IP addresses (this is hosts.allow whitelisting/blacklisting).

    Here's an example hosts.allow:

    # permanent whitelist addresses - these should always be allowed access
    ALL: 127.0.0.1 : allow
    ALL: 10. : allow

    # permanent blacklist addresses - these should always be denied access
    ALL: 192.168.1.1 : deny
    ALL: 192.168.1.2 : deny

In addition to the above, to prevent blockhosts.py from ever entering a block rule for the whitelisted addresses, the --whitelist argument should be used, as described below.

  • If not using hosts.allow, or when it is necessary to have blockhosts manage the blacklisting or whitelisting, use the --blacklist or --whitelist options of blockhosts.py. These take regular expressions or IP addresses as arguments. Here's an example:
    /usr/bin/blockhosts.py --verbose  --mail --ipblock=iptables --whitelist="10\..*,127.0.0.1" --blacklist="192.168.1.1,192.168.1.2"
    

    The above example causes blockhosts to whitelist any address beginning with 10. as well as the address 127.0.0.1, so these addresses are never blocked even if their count of failed accesses goes above the threshold.

    Second, the above example causes blockhosts to blacklist the two listed addresses, 192.168.1.1 and 192.168.1.2, immediately when blockhosts.py is run.
    If regular expressions are provided to the --blacklist option, then as soon as the first failed access is seen from a matching IP address, that address is blocked, even if the count has not crossed the threshold. Note that since blockhosts.py runs after the connection attempt, using regular expressions may not immediately block a blacklisted IP address. See blockhosts.py --help for more information.
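
The following check is an added example, not part of blockhosts: it takes the --whitelist and --blacklist values from the command above and lists which neighbouring addresses each pattern would also match. It assumes the patterns are applied with Python's re.match, which anchors only at the start of the address; the probe addresses and helper names are constructed for illustration.

```python
import ipaddress
import re

# Option values copied from the command line shown above.
WHITELIST = r"10\..*,127.0.0.1"
BLACKLIST = "192.168.1.1,192.168.1.2"

# Constructed probe addresses, chosen to sit next to the listed ones.
PROBES = ["10.1.2.3", "100.1.2.3", "127.0.0.1", "127.0.0.10",
          "192.168.1.1", "192.168.1.10", "192.168.1.200", "192.168.1.2"]


def split_spec(spec):
    """Split a comma-separated option value into its patterns."""
    return [p.strip() for p in spec.split(",") if p.strip()]


def is_literal_ip(pattern):
    """True when the pattern is written as a plain IP address."""
    try:
        ipaddress.ip_address(pattern)
        return True
    except ValueError:
        return False


def matched(spec, probes):
    """Map each pattern to the probes it matches under re.match (assumed)."""
    return {p: [a for a in probes if re.match(p, a)] for p in split_spec(spec)}


def surprises(spec, probes):
    """Probes matched by a literal-IP pattern that are not that exact address."""
    return {p: [a for a in hits if a != p]
            for p, hits in matched(spec, probes).items() if is_literal_ip(p)}


def exact(pattern):
    """Rewrite a literal IP as a regex that matches only that address."""
    return re.escape(pattern) + r"\Z"


if __name__ == "__main__":
    for name, spec in (("whitelist", WHITELIST), ("blacklist", BLACKLIST)):
        for pat, extra in surprises(spec, PROBES).items():
            print(f"{name}: {pat!r} also matches {extra}; exact form: {exact(pat)!r}")
```

Under that assumption, a whitelist entry written as 127.0.0.1 would also exempt 127.0.0.10 from blocking, so it is worth confirming how your blockhosts.py version matches patterns before relying on a literal address.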
    -------------------------------------------------------------------------