Blocking addresses with IPFW
In this scenario, the host running sshguard runs IPFW, that has to be configured for accepting blocking rules from sshguard.
Adjusting passing rule priority
With IPFW, sshguard adds blocking rules with IDs from 55000 to 55050 by default. If a pass rule appears before these, it is applied because IPFW runs a first-match-win policy.
If you have an allow policy higher than 55050 in your IPFW chain, move it to a lower priority. E.g.:
ipfw list # 1240 allow ip from any to me 22 ipfw del 1240 ipfw add 56000 allow ip from any to me 22
This command will display the set of addresses blocked by sshguard at any time:
ipfw list | awk '{ if($1 >= 55000 && $1 <= 55050) print $5 }'
IPv6 support
If you want IPv6 support, check ip6fw (instead of ipfw) to make the same adjustments. Sshguard will automatically interface to this chain when IPv6 addresses need to be blocked.