From: Alexandre
To: FreeBSD Questions Mailing List
Subject: SSHguard & IPFW
Date: Tue, 29 Sep 2015 14:04:45 +0200

Hi,

I installed and configured IPFW on my box.
I installed security/sshguard-ipfw to block unwanted SSH connections.
I did not add the line sshguard_enable="YES" in /etc/rc.conf.
Without this line in /etc/rc.conf, bots' IP addresses seem to be blocked as expected (/var/log/messages):

Sep 25 18:39:27 BoxName sshguard[7243]: Blocking 62.212.230.2:4 for>945secs: 40 danger in 4 attacks over 514 seconds (all: 80d in 2 abuses over 2059s).

With the command $ sudo ipfw list I can see the blocked IP address in the deny list:
55031 deny ip from 62.212.230.2 to me

Can anyone confirm (or not, if I am wrong) that the line sshguard_enable="YES" is required only if I install the security/sshguard port?


About the blocking rules reservation in IPFW (from rule 55000 to 55050), has anyone experienced full use of these rules yet?
By default, fifteen addresses can be blocked together. But how does SSHGUARD work in this case for the newest one (51st)?

Thank you in advance for your clarifications.
Alexandre