Date: Mon, 15 Oct 2018 17:16:50 +0200 From: Per olof Ljungmark <peo@nethead.se> To: ports@freebsd.org Cc: dan.mcgregor@usask.ca Subject: sshguard - rc and blacklisting Message-ID: <feeb25e5-4685-bd34-c677-c45dc49ff41b@nethead.se>
next in thread | raw e-mail | index | archive | help
Hello, Either I am doing it wrong or sshguard is not properly implemented. 1. In the config file /usr/local/etc/sshguard.conf there is a parameter # Colon-separated blacklist threshold and full path to blacklist file. # (optional, no default) #BLACKLIST_FILE=120:/var/db/sshguard/blacklist.db however, the threshold setting does not seem to have any effect. If I change the setting in rc.d/sshguard, it does take effect. 2. Looking at /var/db/sshguard/blacklist.db, each row looks like 1539615075|220|4|143.0.65.92 There is another setting in the config, # Size of IPv4 subnet to block. Defaults to a single address, CIDR notation. (optional, default to 32) IPV4_SUBNET=32 I have tried to alter this setting to /24 and /29, auth.log says Blocking "143.0.65.92/29" forever but blacklist.db does not indiciate any different CDIR than /32. Any ideas?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?feeb25e5-4685-bd34-c677-c45dc49ff41b>