Date: Tue, 29 Sep 2015 14:04:45 +0200 From: Alexandre <axelbsd@ymail.com> To: FreeBSD Questions Mailing List FreeBSD Questions Mailing List <freebsd-questions@freebsd.org> Subject: SSHguard & IPFW Message-ID: <DUB118-W2564316B09E855F03F7D11B44E0@phx.gbl>
next in thread | raw e-mail | index | archive | help
Hi, I installed and configured IPFW on my box. I installed security/sshguard-ipfw to block unwanted SSH connections. I did not added the line sshguard_enable="YES" in /etc/rc.conf. Without this line in /etc/rc.conf, Bots IP addresses seems to be blocked as expected (/var/log/messages): Sep 25 18:39:27 BoxName sshguard[7243]: Blocking 62.212.230.2:4 for>945secs: 40 danger in 4 attacks over 514 seconds (all: 80d in 2 abuses over 2059s). With the command $ sudo ipfw list I can see the blocked IP adresse in the deny list : 55031 deny ip from 62.212.230.2 to me Anyone can confirm (or not if I am wrong) that the line sshguard_enable="YES" is requested only if I install security/sshguard port? About the blocking rules reservation in IPFW (from rule 55000 to 55050), anyone experienced yet full use of these rules? By default, fifteen addresses can be blocked together. But how SSHGUARD works in this case for the newest one (51th)? Thank you in advance for your clarifications. Alexandre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DUB118-W2564316B09E855F03F7D11B44E0>