From owner-freebsd-questions@FreeBSD.ORG Tue Nov 2 17:28:12 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 92B331065672 for ; Tue, 2 Nov 2010 17:28:12 +0000 (UTC) (envelope-from rfarmer@predatorlabs.net) Received: from mail-gw0-f54.google.com (mail-gw0-f54.google.com [74.125.83.54]) by mx1.freebsd.org (Postfix) with ESMTP id 591E58FC13 for ; Tue, 2 Nov 2010 17:28:12 +0000 (UTC) Received: by gwj16 with SMTP id 16so6634gwj.13 for ; Tue, 02 Nov 2010 10:28:11 -0700 (PDT) MIME-Version: 1.0 Received: by 10.42.228.70 with SMTP id jd6mr9314218icb.301.1288718891265; Tue, 02 Nov 2010 10:28:11 -0700 (PDT) Received: by 10.220.187.71 with HTTP; Tue, 2 Nov 2010 10:28:11 -0700 (PDT) X-Originating-IP: [128.95.133.181] In-Reply-To: References: Date: Tue, 2 Nov 2010 10:28:11 -0700 Message-ID: From: Rob Farmer To: "Justin V." Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-questions@freebsd.org Subject: Re: SSHgaurd and PF X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Nov 2010 17:28:12 -0000 On Tue, Nov 2, 2010 at 10:03, Justin V. wrote: > This is the guide I used: > > http://www.sshguard.net/docs/setup/firewall/pf/ > > I followed this section to block all brute attempts: Right, but did you do this part too? http://www.sshguard.net/docs/setup/getlogs/syslog/ The part you mentioned sets up the table and has pf drop the connection attempts, but you need to configure syslog to fill the table with IPs of attackers. -- Rob Farmer