FreeBSD Port: sshguard-1.6.3 IPFW tule missing

[Petri Riihikallio]

Thanks for reply!

> I'm not aware of sshguard automatically adding the "deny ip from
> table(22) to me" rule to ipfw. This would be a very difficult thing to
> do reliably as a complex firewall ruleset may need this deny rule
> somewhere different than the very first rule. I certainly don't have it
> as the first rule for my firewall.

After the revamp of IPFW support in SSHGuard it took me a while to figure out why it wasn’t guarding anything anymore and then how to fix it. After some time I found out I had two identical rules (but different numbers). Then it took me again a while to figure out where the other rule was coming from, before I found it at the end of /usr/local/etc/rc.d/sshguard. Now it isn't there anymore.

Of course I could be just dreaming, because I don’t have any evidence. I love my FreeBSD boxes because I can get away with so little maintenance. Someone could argue I am neglecting them. That’s why I am only fixing things afterwards, when something gets broken.

My setup is working fine again. I just would like to help others who are setting up SSHGuard for the first time. It would have saved me some headscratching if something like 'ipfw "add 55000 deny ip from table(22) to me”’ would be set up as an example in the startup script - even if it was commented out. It could also be at the beginning, in the section "Add the following lines to /etc/rc.conf to enable sshguard” where it would also make sense.

br, Petri



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20160318/7b54c24e/attachment.sig>