SSHguard & IPFW

Nino J nino80 at
Wed Sep 30 07:42:16 UTC 2015

On Tue, Sep 29, 2015 at 4:24 PM, Alexandre <axelbsd at> wrote:

> >> About the blocking rules reservation in IPFW (from rule 55000 to
> >> 55050), anyone experienced yet full use of these rules?
> >> By default, fifteen addresses can be blocked together. But how SSHGUARD
> >> works in this case for the newest one (51th)?
> >>
> >> Thank you in advance for your clarifications.
> >> Alexandre

To answer your second question, IPFW has no problem using the same rule
number for multiple rules. Thus sshguard is not limited to 50 addresses.

Also, next version of sshguard won't use IPFW rules, but rather an IPFW
table to insert IP addresses to be blocked. Thus it will only need a single
deny rule.

I'm currently using development version of sshguard which uses IPFW table
and it works fine for me.


More information about the freebsd-questions mailing list