From: Nino J
Date: Wed, 30 Sep 2015 09:41:55 +0200
Subject: Re: SSHguard & IPFW
To: Alexandre
Cc: "freebsd-questions@freebsd.org"
References: <1443531575.1236.13.camel@michaeleichorn.com>

On Tue, Sep 29, 2015 at 4:24 PM, Alexandre wrote:

>
> >> About the blocking rules reservation in IPFW (from rule 55000 to
> >> 55050), anyone experienced yet full use of these rules?
> >> By default, fifteen addresses can be blocked together. But how SSHGUARD
> >> works in this case for the newest one (51st)?
> >>
> >> Thank you in advance for your clarifications.
> >> Alexandre
>

To answer your second question, IPFW has no problem using the same rule
number for multiple rules. Thus sshguard is not limited to 50 addresses.

Also, the next version of sshguard won't use IPFW rules, but rather an IPFW
table to insert IP addresses to be blocked. Thus it will only need a single
deny rule.

I'm currently using the development version of sshguard, which uses an IPFW
table, and it works fine for me.

Regards,
--
Nino
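
The two layouts described in the reply above, as an added example that is not part of the original message and not sshguard's own code. It only prints the ipfw command lines (nothing is applied to a firewall); rule number 55000 is from the thread, while table number 22, the function names and the addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: per-address deny rules versus one table-backed deny rule.
# Commands are printed, not executed, so this runs on any host.

RULE=55000   # rule number quoted in the thread
TABLE=22     # hypothetical table number (assumption, not from the thread)

# Constructed sample addresses from the RFC 5737 documentation ranges.
ADDRS="192.0.2.10 198.51.100.7 203.0.113.99"

# Layout 1: one deny rule per blocked address, all sharing the same rule
# number. IPFW accepts this, so the 55000-55050 range is not a hard limit.
per_rule_block() {
    for addr in "$@"; do
        printf 'ipfw add %s deny ip from %s to any\n' "$RULE" "$addr"
    done
}

# Layout 2: a single deny rule that matches on a table, plus one table
# entry per blocked address. The ruleset itself never grows.
table_block() {
    printf "ipfw add %s deny ip from 'table(%s)' to any\n" "$RULE" "$TABLE"
    for addr in "$@"; do
        printf 'ipfw table %s add %s\n' "$TABLE" "$addr"
    done
}

# Releasing one address in the table layout touches only its table entry.
table_unblock() {
    printf 'ipfw table %s delete %s\n' "$TABLE" "$1"
}

# Count the firewall rules (ipfw add lines) in a layout read from stdin.
count_rules() {
    grep -c '^ipfw add '
}

echo "# per-address rules:"
per_rule_block $ADDRS
echo "# table-backed rule:"
table_block $ADDRS
table_unblock 192.0.2.10
```

After blocking, `ipfw list` shows the rules and `ipfw table 22 list` shows the blocked addresses in the table layout.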