Date: Tue, 29 Sep 2015 08:59:35 -0400
From: "Michael B. Eichorn" <ike@michaeleichorn.com>
To: Alexandre <axelbsd@ymail.com>, FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>
Subject: Re: SSHguard & IPFW
Message-ID: <1443531575.1236.13.camel@michaeleichorn.com>
In-Reply-To: <DUB118-W2564316B09E855F03F7D11B44E0@phx.gbl>
References: <DUB118-W2564316B09E855F03F7D11B44E0@phx.gbl>

On Tue, 2015-09-29 at 14:04 +0200, Alexandre wrote:
> Hi,
>
> I installed and configured IPFW on my box. I installed
> security/sshguard-ipfw to block unwanted SSH connections.
> I did not add the line sshguard_enable="YES" in /etc/rc.conf.
> Without this line in /etc/rc.conf, bots' IP addresses seem to be
> blocked as expected (/var/log/messages):
>
> Sep 25 18:39:27 BoxName sshguard[7243]: Blocking 62.212.230.2:4 for>945secs: 40 danger in 4 attacks over 514 seconds (all: 80d in 2 abuses over 2059s).
>
> With the command $ sudo ipfw list I can see the blocked IP address in
> the deny list:
> 55031 deny ip from 62.212.230.2 to me
>
> Can anyone confirm (or not, if I am wrong) that the line
> sshguard_enable="YES" is requested only if I install the
> security/sshguard port?

Nope, sshguard_enable applies to all of them; the sshguard-* ports are
just sshguard with different configure options.

From /usr/local/etc/rc.d/sshguard (sshguard-pf, but should be the same
with -ipfw):

# Add the following lines to /etc/rc.conf to enable sshguard:
# sshguard_enable (bool):       Set to "NO" by default.
#                               Set it to "YES" to enable sshguard

At a guess something happened to kick off sshguard without the rc
script, but for most setups the rc script is the proper way to start
sshguard.

Is there any chance that you might have followed an old guide? In
sshguard < 1.5 a valid configuration option was to use syslog to
kick off sshguard and not use sshguard enable, but this is now
deprecated in favor of the new 'Log Sucker' introduced in v1.5.

> About the blocking rules reservation in IPFW (from rule 55000 to
> 55050), has anyone experienced full use of these rules yet?
> By default, fifteen addresses can be blocked together. But how does
> SSHGUARD work in this case for the newest one (51st)?
>
> Thank you in advance for your clarifications.
> Alexandre
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
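
An added example, not part of the original message or of sshguard itself: a small POSIX sh check that compares the sshguard_enable setting in rc.conf with the deny rules found in the 55000-55050 range named in the thread, to flag the case discussed above where sshguard is blocking without being enabled through the rc script. The function names are hypothetical, the second sample address is constructed, and the script does not show what sshguard does once the range is full.

```sh
#!/bin/sh
# Added example: function names are hypothetical, sample data is constructed.

# Read rc.conf-style text on stdin and print the effective sshguard_enable
# value in upper case (the last assignment wins), or "unset" if absent.
sshguard_rc_state() {
    awk -F= '
        /^[ \t]*sshguard_enable=/ {
            v = $2; sub(/#.*/, "", v); gsub(/[ \t"]/, "", v)
            state = toupper(v)
        }
        END { print (state == "" ? "unset" : state) }
    '
}

# Read `ipfw list` output on stdin and print "<count> <addr> <addr> ..."
# for deny rules numbered lo..hi (default: the range named in the thread).
sshguard_blocks() {
    awk -v lo="${1:-55000}" -v hi="${2:-55050}" '
        $1+0 >= lo && $1+0 <= hi && $2 == "deny" && $4 == "from" {
            n++; addrs = addrs " " $5
        }
        END { printf "%d%s\n", n, addrs }
    '
}

# $1 = rc.conf text, $2 = `ipfw list` text. Block rules without the rc knob
# set to YES mean sshguard was started some other way.
audit() {
    state=$(printf '%s\n' "$1" | sshguard_rc_state)
    blocks=$(printf '%s\n' "$2" | sshguard_blocks)
    count=${blocks%% *}
    if [ "$state" != "YES" ] && [ "$count" -gt 0 ]; then
        echo "WARN: $count block rule(s) but sshguard_enable=$state"
    else
        echo "OK: $count block rule(s), sshguard_enable=$state"
    fi
}

# Constructed sample inputs so the example runs without a FreeBSD host.
SAMPLE_RC='sshd_enable="YES"
firewall_enable="YES"'
SAMPLE_IPFW='00100 allow ip from any to any via lo0
55031 deny ip from 62.212.230.2 to me
55032 deny ip from 192.0.2.77 to me
65535 deny ip from any to any'

audit "$SAMPLE_RC" "$SAMPLE_IPFW"
```

On a live host the same call would be audit "$(cat /etc/rc.conf)" "$(ipfw list)", run with enough privilege to list the firewall rules.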
