SSHguard & IPFW

Alexandre axelbsd at
Tue Sep 29 12:07:42 UTC 2015


I installed and configured IPFW on my box. I installed security/sshguard-ipfw to block unwanted SSH connections.
I did not added the line sshguard_enable="YES" in /etc/rc.conf.
Without this line in /etc/rc.conf, Bots IP addresses seems to be blocked as expected (/var/log/messages):

Sep 25 18:39:27 BoxName sshguard[7243]: Blocking for>945secs: 40 danger in 4 attacks over 514 seconds (all: 80d in 2 abuses over 2059s).

With the command  $ sudo ipfw list I can see the blocked IP adresse in the deny list : 
55031 deny ip from to me

Anyone can confirm (or not if I am wrong) that the line sshguard_enable="YES" is requested only if I install security/sshguard port?

About the blocking rules reservation in IPFW (from rule 55000 to 55050), anyone experienced yet full use of these rules? 
By default, fifteen addresses can be blocked together. But how SSHGUARD works in this case for the newest one (51th)?

Thank you in advance for your clarifications.

More information about the freebsd-questions mailing list