FreeBSD Port: sshguard-1.6.3 IPFW rule missing

Mark Felder feld at
Thu Mar 17 13:04:12 UTC 2016

On Sun, Mar 13, 2016, at 07:36, Petri Riihikallio wrote:
> Hello
> After upgrading my ports I noticed the rule "deny ip from table(22) to
> me" wasn’t being applied after a reboot. In 1.6.2 it was, if I recall
> correctly. When SSHGuard IPFW support was rewritten I had the table rule
> in my local config. Then it appeared in the port so I removed mine. I
> guess the current situation is an oversight. Just for you to know.

I'm not aware of sshguard automatically adding the "deny ip from
table(22) to me" rule to ipfw. This would be a very difficult thing to
do reliably as a complex firewall ruleset may need this deny rule
somewhere different than the very first rule. I certainly don't have it
as the first rule for my firewall.

  Mark Felder
  ports-secteam member
  feld at
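
The reply above notes that the table(22) deny rule has to be placed by the administrator inside their own ruleset. The following added example (not part of the original thread, and not sshguard's or the port's code) checks `ipfw list` output for that rule and for an earlier allow rule that would match SSH first; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real use: ipfw list | check_ruleset
# ipfw evaluates rules in numeric order and acts on the first match, so the
# table(22) deny rule only helps if it sits before any rule accepting SSH.

# Print the number of the first "deny ... from table(22) to me" rule.
find_sshguard_rule() {
    awk '$2 == "deny" && /from table\(22\) to me/ { print $1; exit }'
}

# Print the number of the first rule before rule $1 that would accept SSH.
# Heuristic (assumption): only recognises "allow tcp ... 22" and a bare
# "allow ip from any to any".
shadowing_rule() {
    awk -v limit="$1" '
        $1 + 0 >= limit + 0 { exit }
        $2 != "allow" { next }
        $3 == "tcp" && / 22( |$)/ { print $1; exit }
        /^[0-9]+ allow ip from any to any$/ { print $1; exit }
    '
}

# Read `ipfw list` output on stdin; report OK, MISSING or SHADOWED.
check_ruleset() {
    rules=$(cat)
    deny=$(printf '%s\n' "$rules" | find_sshguard_rule)
    if [ -z "$deny" ]; then
        echo "MISSING: no deny rule for table(22)"
        return 1
    fi
    shadow=$(printf '%s\n' "$rules" | shadowing_rule "$deny")
    if [ -n "$shadow" ]; then
        echo "SHADOWED: rule $shadow matches SSH before rule $deny"
        return 2
    fi
    echo "OK: table(22) deny rule at $deny"
}

# Constructed sample ruleset in `ipfw list` format.
check_ruleset <<'EOF'
00100 allow ip from any to any via lo0
00200 deny ip from table(22) to me
00300 allow tcp from any to me dst-port 22 setup keep-state
65535 deny ip from any to any
EOF
```

Running the check from a boot-time or periodic job surfaces the situation described in the thread, where the rule silently disappears after a reboot.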
