SSHguard & IPFW

Ian Smith smithi at
Wed Sep 30 17:58:43 UTC 2015

In freebsd-questions Digest, Vol 591, Issue 2, Message: 14
On Wed, 30 Sep 2015 09:41:55 +0200 Nino J <nino80 at> wrote:
 > On Tue, Sep 29, 2015 at 4:24 PM, Alexandre <axelbsd at> wrote:
 > >
 > > >> About the blocking rules reservation in IPFW (from rule 55000 to
 > > >> 55050), anyone experienced yet full use of these rules?
 > > >> By default, fifteen addresses can be blocked together. But how SSHGUARD
 > > >> works in this case for the newest one (51th)?
 > > >>
 > > >> Thank you in advance for your clarifications.
 > > >> Alexandre
 > >
 > To answer your second question, IPFW has no problem using the same rule
 > number for multiple rules. Thus sshguard is not limited to 50 addresses.
 > Also, next version of sshguard won't use IPFW rules, but rather an IPFW
 > table to insert IP addresses to be blocked. Thus it will only need a single
 > deny rule.

That's so much smarter than a fixed block of rule numbers, and you can 
put your table lookup or action rule/s whereever you want in rulesets.

Moreover, utilities could add a 32 bit value to table entries such as a 
timestamp (for later expiry) or a skipto address for classification of 
different types of detected behaviours, whatever ..

 > I'm currently using development version of sshguard which uses IPFW table
 > and it works fine for me.

I'm more paranoid and only allow addresses in a table to access sshd's 
port, with a couple of roaming users who need to check mail to update
their IP before login .. but this is great news for sshguard users.

cheers, Ian

More information about the freebsd-questions mailing list