SSHguard & IPFW

[Ian Smith]

In freebsd-questions Digest, Vol 591, Issue 2, Message: 14
On Wed, 30 Sep 2015 09:41:55 +0200 Nino J <nino80 at gmail.com> wrote:
 > On Tue, Sep 29, 2015 at 4:24 PM, Alexandre <axelbsd at ymail.com> wrote:
 > 
 > >
 > > >> About the blocking rules reservation in IPFW (from rule 55000 to
 > > >> 55050), anyone experienced yet full use of these rules?
 > > >> By default, fifteen addresses can be blocked together. But how SSHGUARD
 > > >> works in this case for the newest one (51th)?
 > > >>
 > > >> Thank you in advance for your clarifications.
 > > >> Alexandre
 > >
 > 
 > To answer your second question, IPFW has no problem using the same rule
 > number for multiple rules. Thus sshguard is not limited to 50 addresses.
 > 
 > Also, next version of sshguard won't use IPFW rules, but rather an IPFW
 > table to insert IP addresses to be blocked. Thus it will only need a single
 > deny rule.

That's so much smarter than a fixed block of rule numbers, and you can 
put your table lookup or action rule/s whereever you want in rulesets.

Moreover, utilities could add a 32 bit value to table entries such as a 
timestamp (for later expiry) or a skipto address for classification of 
different types of detected behaviours, whatever ..

 > I'm currently using development version of sshguard which uses IPFW table
 > and it works fine for me.

I'm more paranoid and only allow addresses in a table to access sshd's 
port, with a couple of roaming users who need to check mail to update
their IP before login .. but this is great news for sshguard users.

cheers, Ian