Date: Thu, 1 Oct 2015 03:58:32 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Nino J <nino80@gmail.com>
Cc: Alexandre <axelbsd@ymail.com>, freebsd-questions@freebsd.org
Subject: Re: SSHguard & IPFW
Message-ID: <20151001033001.R67283@sola.nimnet.asn.au>
In-Reply-To: <mailman.98.1443614402.37653.freebsd-questions@freebsd.org>
References: <mailman.98.1443614402.37653.freebsd-questions@freebsd.org>
In freebsd-questions Digest, Vol 591, Issue 2, Message: 14
On Wed, 30 Sep 2015 09:41:55 +0200 Nino J <nino80@gmail.com> wrote:

> On Tue, Sep 29, 2015 at 4:24 PM, Alexandre <axelbsd@ymail.com> wrote:
> > About the blocking rules reservation in IPFW (from rule 55000 to
> > 55050), anyone experienced yet full use of these rules?
> > By default, fifteen addresses can be blocked together. But how SSHGUARD
> > works in this case for the newest one (51st)?
> >
> > Thank you in advance for your clarifications.
> > Alexandre
>
> To answer your second question, IPFW has no problem using the same rule
> number for multiple rules. Thus sshguard is not limited to 50 addresses.
>
> Also, next version of sshguard won't use IPFW rules, but rather an IPFW
> table to insert IP addresses to be blocked. Thus it will only need a single
> deny rule.

That's so much smarter than a fixed block of rule numbers, and you can put
your table lookup or action rule/s wherever you want in rulesets. Moreover,
utilities could add a 32 bit value to table entries such as a timestamp (for
later expiry) or a skipto address for classification of different types of
detected behaviours, whatever ..

> I'm currently using development version of sshguard which uses IPFW table
> and it works fine for me.

I'm more paranoid and only allow addresses in a table to access sshd's port,
with a couple of roaming users who need to check mail to update their IP
before login .. but this is great news for sshguard users.

cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151001033001.R67283>