denyhosts/pfctl to block repeated logins?

Michael B. Eichorn ike at
Sat Jun 20 12:31:51 UTC 2015

On Sat, 2015-06-20 at 21:55 +1000, andrew clarke wrote:
> On Sat 2015-06-20 07:34:50 UTC-0400, John Holland (jholland at
> ) wrote:
> > What is the best tool to use to block repeated login attempts from
> > unauthorized hosts?  And for deny hosts, how do you unblock someone who
> > is legitimate?
> "Best tool" is difficult to answer since it depends on your exact
> requirements.
> Also once an admin finds an IP blocker that works for them, they may
> tend to stick with it rather than try all the alternatives.
> For blocking unsuccessful ssh logins, sshguard-ipfw works for me.

I will second sshguard as an excellent automated blocker. But since the
OP mentions pfctl in the subject line, they probably want sshguard-pf.
There is also a no-firewall version for running in jails.

I prefer sshguard as it is a daemon-like C program whereas denyhosts is a
python script. So I get a few fewer dependencies and a bit more speed.

SSHguard can handle more than just ssh logins; it covers sendmail, dovecot,
and other servers as well.

Unblocking, no matter what you are using, best consists of 2 steps:
 1) Remove the blocked address from the firewall table, hosts.deny, etc.
 2) If possible whitelist the hostname(s)/address(es)/subnet(s)
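The two unblocking steps from the message above, sketched for the sshguard-pf case as an added example; it is not part of the original message and not sshguard's own tooling. It assumes the pf table is named `sshguard` and that sshguard is started with `-w` pointing at the whitelist file shown; both names are assumptions to adjust for the local setup.

```shell
#!/bin/sh
# Added example: unblock an address in pf, then whitelist it.
# Assumed names (not from the thread): pf table "sshguard", whitelist path below.
PF_TABLE="${PF_TABLE:-sshguard}"
WHITELIST="${WHITELIST:-/usr/local/etc/sshguard.whitelist}"
PFCTL="${PFCTL:-pfctl}"

# Character filter only: allow what can appear in an IPv4/IPv6 address or
# CIDR block, so options ("-F") or shell metacharacters never reach pfctl
# or the whitelist file. pfctl itself still rejects malformed addresses.
valid_addr() {
    case "$1" in
        ''|*[!0-9A-Fa-f:./]*) return 1 ;;
        *[0-9A-Fa-f]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 1: remove the blocked address from the firewall table.
unblock_addr() {
    valid_addr "$1" || { echo "invalid address: $1" >&2; return 2; }
    "$PFCTL" -t "$PF_TABLE" -T delete "$1"
}

# Step 2: whitelist the address. Idempotent: an entry is written once.
whitelist_addr() {
    valid_addr "$1" || { echo "invalid address: $1" >&2; return 2; }
    touch "$WHITELIST" || return 1
    grep -qxF -- "$1" "$WHITELIST" || printf '%s\n' "$1" >>"$WHITELIST"
}

# Both steps in order; the whitelist is only touched if the delete succeeded.
unblock_and_whitelist() {
    unblock_addr "$1" && whitelist_addr "$1"
}

# Run as root with one address or CIDR block as the argument.
[ "$#" -eq 0 ] || unblock_and_whitelist "$1"
```

Restart sshguard afterwards so it picks up the new whitelist entry.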