FreeBSD Port: sshguard-1.6.3 IPFW rule missing

Mark Felder feld at FreeBSD.org
Thu Mar 17 13:04:12 UTC 2016



On Sun, Mar 13, 2016, at 07:36, Petri Riihikallio wrote:
> Hello
> 
> After upgrading my ports I noticed the rule "deny ip from table(22) to
> me" wasn’t being applied after a reboot. In 1.6.2 it was, if I recall
> correctly. When SSHGuard IPFW support was rewritten I had the table rule
> in my local config. Then it appeared in the port so I removed mine. I
> guess the current situation is an oversight. Just for you to know.
> 

I'm not aware of sshguard automatically adding the "deny ip from
table(22) to me" rule to ipfw. This would be a very difficult thing to
do reliably as a complex firewall ruleset may need this deny rule
somewhere different than the very first rule. I certainly don't have it
as the first rule for my firewall.


-- 
  Mark Felder
  ports-secteam member
  feld at FreeBSD.org
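
Added example, not part of the original messages or of the sshguard port: a check, run after boot, that the loaded ipfw ruleset contains a blocking rule for the sshguard table and that no earlier rule already accepts SSH. The helper name `check_sshguard_rule` and the sample ruleset are constructed for illustration; table 22 is the table named in the thread, and only allow rules that name `dst-port 22` explicitly are recognized.

```shell
#!/bin/sh
# Reads `ipfw list` output on stdin and reports whether a blocking rule
# for the sshguard table is loaded.
# Exit status: 0 = present, 1 = missing, 2 = present but after an SSH allow rule.
# On a live host: ipfw list | check_sshguard_rule 22
check_sshguard_rule() {
    table="${1:-22}"
    awk -v t="table(${table})" '
        # First blocking rule whose source is the sshguard table.
        !have_block && ($2 == "deny" || $2 == "reset") && index($0, " from " t " ") {
            have_block = 1; block = $1 + 0
        }
        # First allow rule naming port 22 (alone or in a comma list).
        !have_ssh && $2 == "allow" && / dst-port ([0-9]+,)*22([, ]|$)/ {
            have_ssh = 1; ssh = $1 + 0
        }
        END {
            if (!have_block) { print "missing: no deny rule for " t; exit 1 }
            if (have_ssh && ssh < block) {
                print "shadowed: rule " ssh " accepts ssh before rule " block
                exit 2
            }
            print "ok: rule " block " blocks " t
        }
    '
}

# Constructed sample ruleset in `ipfw list` format (not taken from the thread).
SAMPLE_RULES='00100 allow ip from any to any via lo0
00550 deny ip from table(22) to me
00600 allow tcp from any to me dst-port 22 setup keep-state
65535 deny ip from any to any'

printf '%s\n' "$SAMPLE_RULES" | check_sshguard_rule 22
```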

