Configure PSAD to ignore certain IP ranges

This post will show you how to configure Port Scan Attack Detector (or PSAD) to ignore specific IP ranges.

What is PSAD?

PSAD is a collection of lightweight system daemons that run on Linux. You use PSAD to analyze the ‘iptables‘ log messages to detect port scans and other suspicious traffic. Visit for more information about PSAD.

Examples of PSAD Alerts

Here are some examples of PSAD email alerts:

Home Network

[psad-alert] DL3 src: dst: ap-op-mars.local
NetRange: –
Comment: This is a computer on the local network.

Google DNS

[psad-alert] DL2 src: dst: ap-op-mars.local
NetRange: –
Comment: Google DNS services is interacting with the local pc.


[psad-alert] DL5 src: dst:
NetRange: –
Comment: This is the local pc.

How to Ignore IP Ranges in PSAD

Open the PSAD /etc/psad/auto_dl file and add the following lines:         0;                # Ignore on server calls 0; # Ignore home network 0; #ignore goodle dns

Restart PSAD when you updated the auto_dl file:

sudo service psad restart

In Conclusion

Adjusting the IP rules for PSAD is quite easy! Need more help? Then read ‘blocking port scan attack‘ by OpenToDo for some brilliant in-depth information.

I hope you liked this post. If so, please click the like button and you will receive a million years of good Luck! Feel free to read other great posts at

Leave a Reply

Your email address will not be published. Required fields are marked *