I entered in 2 new IPs into the /etc/asl/whitelist file - one ipv4 and one ipv6 - and then ran asl -f -s which when it checked the mod_evasive settings the ipv4 address showed up as fixed but the ipv6 address didnt show up at all.
Does ASL or mod_evasive not support ipv6 addresses?
I added the ipv6 equivalent of a loopback/localhost address
In response to getting numerous emails from ossec saying that mod_evasive had blocked the ::1 address due to a Ddos
Received From: ehost-services201->/var/log/messages
Rule: 60205 fired (level 7) -> "Possble DoS attack"
Portion of the log(s):
Aug 14 17:02:29 server.name mod_evasive: Blacklisting address ::1: possible DoS attack.