SSHguard & IPFW
smithi at nimnet.asn.au
Wed Sep 30 17:58:43 UTC 2015
In freebsd-questions Digest, Vol 591, Issue 2, Message: 14
On Wed, 30 Sep 2015 09:41:55 +0200 Nino J <nino80 at gmail.com> wrote:
> On Tue, Sep 29, 2015 at 4:24 PM, Alexandre <axelbsd at ymail.com> wrote:
> > >> About the blocking rules reservation in IPFW (from rule 55000 to
> > >> 55050), anyone experienced yet full use of these rules?
> > >> By default, fifteen addresses can be blocked together. But how does SSHGUARD
> > >> work in this case for the newest one (51st)?
> > >>
> > >> Thank you in advance for your clarifications.
> > >> Alexandre
> To answer your second question, IPFW has no problem using the same rule
> number for multiple rules. Thus sshguard is not limited to 50 addresses.
> Also, the next version of sshguard won't use IPFW rules, but rather an IPFW
> table to insert IP addresses to be blocked. Thus it will only need a single
> deny rule.
That's so much smarter than a fixed block of rule numbers, and you can
put your table lookup or action rule/s wherever you want in rulesets.
Moreover, utilities could add a 32 bit value to table entries such as a
timestamp (for later expiry) or a skipto address for classification of
different types of detected behaviours, whatever ..
> I'm currently using development version of sshguard which uses IPFW table
> and it works fine for me.
I'm more paranoid and only allow addresses in a table to access sshd's
port, with a couple of roaming users who need to check mail to update
their IP before login .. but this is great news for sshguard users.
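An added illustration of the table-based layout discussed in this thread (not sshguard's own code, and not from either poster): one deny rule keyed on a block table, an allow-only-from-table rule in front of sshd, and a 32-bit table value used as an expiry timestamp so stale blocks can be pruned. The table numbers (20, 21), rule numbers (5000-5020), port 22 and the helper names are assumptions; ipfw(8) must be in PATH and the script needs root to change rules, so set IPFW='echo ipfw' to dry-run. The awk filter in expired_entries also tolerates the "--- table(N), set(0) ---" header line that newer ipfw versions print before the entries.

```shell
#!/bin/sh
# Added example (not sshguard's or the list posters' code): sshd blocking and
# allow-listing with ipfw tables instead of a fixed block of rule numbers.
# Assumptions (hypothetical, adjustable via env): ipfw(8) in PATH, sshd on
# port 22, tables 20/21 and rule numbers 5000-5020 unused.
set -eu

IPFW=${IPFW:-ipfw}              # set IPFW='echo ipfw' to dry-run without root
BLOCK_TABLE=${BLOCK_TABLE:-20}  # offenders; table value = unix time the block expires
ALLOW_TABLE=${ALLOW_TABLE:-21}  # roaming users allowed to reach sshd at all
SSH_PORT=${SSH_PORT:-22}

# Print the three rules a table-based setup needs. A single deny rule covers
# every blocked address, however many, and it can sit anywhere in the ruleset.
ruleset() {
    printf '%s\n' \
      "ipfw add 5000 deny ip from 'table($BLOCK_TABLE)' to any" \
      "ipfw add 5010 allow tcp from 'table($ALLOW_TABLE)' to me $SSH_PORT setup keep-state" \
      "ipfw add 5020 deny tcp from any to me $SSH_PORT"
}

# block_ip ADDR SECONDS: add ADDR with its expiry time stored as the 32-bit
# table value (a unix timestamp fits until 2106).
block_ip() {
    $IPFW table "$BLOCK_TABLE" add "$1" "$(( $(date +%s) + $2 ))"
}

# expired_entries NOW: read 'ipfw table N list' output ("addr/len value") on
# stdin and print the entries whose stored expiry time is <= NOW. Lines that
# do not start with an address/prefix (e.g. a table header) are skipped.
expired_entries() {
    awk -v now="$1" \
        '$1 ~ /^[0-9a-fA-F.:]+\/[0-9]+$/ && $2 + 0 <= now + 0 { print $1 }'
}

# Drop blocks whose expiry has passed; run from cron alongside the blocker.
expire_blocks() {
    $IPFW table "$BLOCK_TABLE" list \
      | expired_entries "$(date +%s)" \
      | while read -r addr; do $IPFW table "$BLOCK_TABLE" delete "$addr"; done
}

case "${1:-}" in
    show)   ruleset ;;                      # print the rules; pipe to sh to apply
    block)  block_ip "$2" "${3:-3600}" ;;   # block ADDR for SECONDS (default 1h)
    expire) expire_blocks ;;
esac
```

Usage: `sh sshtables.sh show | sh` installs the rules, `sh sshtables.sh block 192.0.2.7 600` blocks an address for ten minutes, and a cron entry running `sh sshtables.sh expire` every minute prunes entries whose timestamp has passed. The same value slot could instead carry a skipto target (`skipto tablearg`) to route different classes of offender to different rule chains, as the reply above suggests.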