SSHguard & IPFW

Michael B. Eichorn ike at michaeleichorn.com
Tue Sep 29 13:04:06 UTC 2015


On Tue, 2015-09-29 at 14:04 +0200, Alexandre wrote:
> Hi,
> 
> I installed and configured IPFW on my box. I installed
> security/sshguard-ipfw to block unwanted SSH connections.
> I did not add the line sshguard_enable="YES" in /etc/rc.conf.
> Without this line in /etc/rc.conf, bots' IP addresses seem to be
> blocked as expected (/var/log/messages):
> 
> Sep 25 18:39:27 BoxName sshguard[7243]: Blocking 62.212.230.2:4
> for>945secs: 40 danger in 4 attacks over 514 seconds (all: 80d in 2
> abuses over 2059s).
> 
> With the command  $ sudo ipfw list I can see the blocked IP address in
> the deny list:
> 55031 deny ip from 62.212.230.2 to me
> 
> Can anyone confirm (or not, if I am wrong) that the line
> sshguard_enable="YES" is requested only if I install the
> security/sshguard port?

Nope, sshguard_enable applies to all of them; the sshguard-* ports are
just sshguard with different configure options.

From /usr/local/etc/rc.d/sshguard (sshguard-pf, but should be the same
with -ipfw):

# Add the following lines to /etc/rc.conf to enable sshguard:
# sshguard_enable (bool):	Set to "NO" by default.
#				Set it to "YES" to enable sshguard

At a guess something happened to kick off sshguard without the rc script,
but for most setups the rc script is the proper way to start sshguard.

Is there any chance that you might have followed an old guide? In
sshguard < 1.5 a valid configuration option was to use syslog to kick off
sshguard and not use sshguard enable, but this is now deprecated in
favor of the new 'Log Sucker' introduced in v1.5.

> About the blocking rules reservation in IPFW (from rule 55000 to
> 55050), has anyone experienced full use of these rules yet?
> By default, fifteen addresses can be blocked together. But how does
> SSHGUARD work in this case for the newest one (51st)?
> 
> Thank you in advance for your clarifications.
> Alexandre
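The situation discussed in this thread (block rules present in ipfw while sshguard_enable is not set) can be checked with a short script. This is an added example, not part of the original messages or of sshguard itself; the function names are hypothetical, the 55000-55050 range is the one quoted in the thread, and the sample `ipfw list` output is constructed.

```shell
#!/bin/sh
# Added example: cross-check the sshguard rc.conf knob against the block
# rules actually present in ipfw.
# Assumption: sshguard-ipfw uses rule numbers 55000-55050, as quoted above.
RULE_MIN=55000
RULE_MAX=55050

# Print the source address of each deny rule in the range.
# stdin = output of `ipfw list`.
sshguard_blocked() {
    awk -v lo="$RULE_MIN" -v hi="$RULE_MAX" '
        $1 ~ /^[0-9]+$/ && $1+0 >= lo && $1+0 <= hi &&
        $2 == "deny" && $4 == "from" { print $5 }'
}

# Succeed if the rc.conf-style file $1 enables sshguard. The last
# assignment wins, and rc accepts YES/TRUE/ON/1 in any letter case.
sshguard_rc_enabled() {
    val=$(awk -F= '/^[[:space:]]*sshguard_enable=/ { v = $2 }
                   END { sub(/[[:space:]]*#.*/, "", v); print v }' "$1" |
          tr -d "\"' ")
    case "$val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on stdout. $1 = rc.conf path, stdin = output of `ipfw list`.
sshguard_audit() {
    n=$(sshguard_blocked | awk 'END { print NR }')
    if sshguard_rc_enabled "$1"; then state=enabled; else state=disabled; fi
    echo "sshguard_enable: $state; blocked addresses in $RULE_MIN-$RULE_MAX: $n"
    if [ "$state" = disabled ] && [ "$n" -gt 0 ]; then
        echo "note: blocks exist but sshguard_enable is not set;" \
             "sshguard may have been started outside the rc script"
    fi
}

# Constructed sample input; the 55031 rule is the one quoted in the thread.
SAMPLE_IPFW='00100 allow ip from any to any via lo0
55031 deny ip from 62.212.230.2 to me
65535 deny ip from any to any'
printf '%s\n' "$SAMPLE_IPFW" | sshguard_audit /dev/null
```

On a live system the call would be `ipfw list | sshguard_audit /etc/rc.conf`; the script only reads the one file it is given, so settings placed in other rc configuration files are not seen.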