Date: Thu, 17 Mar 2016 08:04:10 -0500
From: Mark Felder <feld@FreeBSD.org>
To: Petri Riihikallio <petri.riihikallio@metis.fi>
Cc: ports@FreeBSD.org
Subject: Re: FreeBSD Port: sshguard-1.6.3 IPFW tule missing
Message-ID: <1458219850.1252125.551938618.234203BC@webmail.messagingengine.com>
In-Reply-To: <172178A6-5745-41A8-A7D0-3D99286AA67B@metis.fi>
References: <172178A6-5745-41A8-A7D0-3D99286AA67B@metis.fi>
On Sun, Mar 13, 2016, at 07:36, Petri Riihikallio wrote:
> Hello
>
> After upgrading my ports I noticed the rule "deny ip from table(22) to
> me” wasn’t being applied after a reboot. In 1.6.2 it was, if I recall
> correctly. When SSHGuard IPFW support was rewritten I had the table rule
> in my local config. Then it appeared in the port so I removed mine. I
> guess the current situation is an oversight. Just for you to know.
>

I'm not aware of sshguard automatically adding the "deny ip from table(22) to me" rule to ipfw. This would be a very difficult thing to do reliably as a complex firewall ruleset may need this deny rule somewhere different than the very first rule. I certainly don't have it as the first rule for my firewall.

-- 
Mark Felder
ports-secteam member
feld@FreeBSD.org
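
The point raised in this exchange, as an added example that is not part of either message and not sshguard's own code: a check that the table(22) deny rule is actually loaded, and that no earlier rule already admits SSH traffic. The function name `check_sshguard_rule` and the three sample listings are assumptions, constructed in the style of `ipfw list` output.

```shell
#!/bin/sh
# Added example. Table 22 and the rule text come from the thread;
# everything else here is constructed for illustration.

# Reads an `ipfw list` style listing on stdin and prints one of:
#   missing        no "deny ip from table(22) to me" rule is loaded
#   shadowed <n>   rule n exists, but an earlier rule already allows dst-port 22
#   ok <n>         rule n exists and precedes every rule allowing dst-port 22
# ipfw stops at the first matching allow or deny rule, so a block rule
# placed after an SSH allow rule never sees the blocked hosts' SSH traffic.
check_sshguard_rule() {
    awk '
        /deny ip from table\(22\) to me/ && !found { found = 1; num = $1 }
        /^[0-9]+ allow .*dst-port 22([ ,]|$)/ && !found { early = 1 }
        END {
            if (!found)     print "missing"
            else if (early) print "shadowed " num
            else            print "ok " num
        }'
}

# Constructed listing: block rule sits before the SSH allow rule.
SAMPLE_OK='00100 allow ip from any to any via lo0
00200 deny ip from table(22) to me
00300 allow tcp from any to me dst-port 22 setup
65535 deny ip from any to any'

# Constructed listing: the situation reported in the thread, no block rule at all.
SAMPLE_MISSING='00100 allow ip from any to any via lo0
00300 allow tcp from any to me dst-port 22 setup
65535 deny ip from any to any'

# Constructed listing: block rule present but after the SSH allow rule.
SAMPLE_SHADOWED='00100 allow ip from any to any via lo0
00300 allow tcp from any to me dst-port 22 setup
00400 deny ip from table(22) to me
65535 deny ip from any to any'

for s in "$SAMPLE_OK" "$SAMPLE_MISSING" "$SAMPLE_SHADOWED"; do
    printf '%s\n' "$s" | check_sshguard_rule
done
```

On a FreeBSD host the same function can be fed the live ruleset with `ipfw list | check_sshguard_rule`, for example after a reboot.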