Blocking addresses with IPFilter
In this scenario, the host running sshguard runs IPFilter.
Preparing the rules configuration file
IPFilter is configured by a rules file, e.g. /etc/ipf.rules. When compiling, make sure you tell sshguard the correct place to look for this file (see compile and install sshguard branch 1.x).
It is up to you to locate a suitable position in this file where sshguard can insert its rules. If you have a pass-all rule for sshguard, it must stay after this block. Then insert the following delimiter block where you want sshguard's rules to be wrapped:
##sshguard-begin##
##sshguard-end##
Sshguard inserts and withdraws rules within this block to block and release attacker addresses, then runs ipf to reload the rules.
You can get the set of addresses blocked by sshguard at any time by reading the ipf configuration file itself: they are listed inside the sshguard block delimiters.
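One way to read the blocked set out of the rules file, as an added example that is not part of sshguard: the function below checks that both delimiters appear exactly once and in order, then prints the source address of each rule between them. The function names, the sample file and the assumption that each rule names the blocked host after the keyword "from" are illustrative, not taken from sshguard.

```shell
#!/bin/sh
# Added example: list the addresses inside the sshguard block of an ipf rules file.
# Assumption: each rule in the block names the blocked source after "from".

# sshguard_blocked FILE -> prints one address per line; returns 2 if the
# delimiters are missing, duplicated, or out of order.
sshguard_blocked() {
    awk '
        BEGIN { n = 0 }
        /^##sshguard-begin##[ \t]*$/ {
            begins++; if (ends > 0 || begins > 1) bad = 1
            inblk = 1; next
        }
        /^##sshguard-end##[ \t]*$/ {
            ends++; if (!inblk) bad = 1
            inblk = 0; next
        }
        inblk && !/^[ \t]*#/ {
            # Take the token that follows "from" as the blocked address.
            for (i = 1; i < NF; i++)
                if ($i == "from") { addrs[n++] = $(i + 1); break }
        }
        END {
            if (bad || begins != 1 || ends != 1) {
                print "sshguard block delimiters missing or malformed" > "/dev/stderr"
                exit 2
            }
            for (i = 0; i < n; i++) print addrs[i]
        }
    ' "$1"
}

# Constructed sample rules file (documentation addresses, not from a real host).
sample_rules() {
    cat <<'EOF'
pass in quick on lo0 all
##sshguard-begin##
block in quick proto tcp from 192.0.2.10 to any
block in quick proto tcp from 198.51.100.7 to any
##sshguard-end##
pass in quick proto tcp from any to any port = 22
EOF
}

# Demo on the constructed sample; on a real host pass the rules file path instead.
tmp=$(mktemp) && sample_rules > "$tmp" && sshguard_blocked "$tmp"; rm -f "$tmp"
```

A non-zero return means the delimiter block is damaged, in which case sshguard has no well-formed place to insert or withdraw rules.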