So IPS/IDS went… insane and started blocking a large number of legitimate requests, hobbling my network. I’ve disabled it until I can troubleshoot that, but it appears disabling IDS/IPS does not remove the blocks added in IPTables.
How can I just reset all of these blocks and start fresh?
If you click Reset next to Reset Ignored Rules, it will also reset all of the IP blocks. Sorry that’s not more clear.
That did not work. I just tried it for a second time, and the blocks still show up in iptables on the route10.
Interesting, I’ll look into it. You can manually delete them via CLI:
/etc/init.d/ips stop
rm /var/run/ips-block.txt
/etc/init.d/ips start
Thanks, I actually was able to get it to unblock by re-enabling IDS/IPS, and setting block level to “none”.
Now, time to dig in and figure out what went crazy to cause this in the first place.