Blocking addresses with IPFW

In this scenario, the host running sshguard uses IPFW, which has to be configured to accept blocking rules from sshguard.

Adjusting passing rule priority

With IPFW, sshguard adds blocking rules with IDs from 55000 to 55050 by default. If a pass rule appears before these, it is applied instead of the blocking rule, because IPFW uses a first-match-wins policy.

If your IPFW chain has an allow rule with a higher priority than sshguard's blocking rules (that is, a rule number below 55000), move it to a lower priority (a rule number above 55050). E.g.:

ipfw list
#    1240 allow ip from any to me 22
ipfw del 1240
ipfw add 56000 allow ip from any to me 22

This command will display the set of addresses blocked by sshguard at any time:

ipfw list | awk '{ if($1 >= 55000 && $1 <= 55050) print $5 }'
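The check described above can be automated. The following is an added example, not part of the sshguard documentation: it reads `ipfw list` output and reports allow rules for a given port that are numbered below sshguard's default range. The function names and the sample ruleset are constructed for illustration, and port matching is a heuristic that handles single ports and comma-separated lists only.

```shell
#!/bin/sh
# Added example (not from the sshguard documentation).
# Finds allow-type rules that would match before sshguard's blocking rules
# and therefore let a blocked address through (first match wins).

SSHGUARD_FIRST=55000   # default first blocking rule ID, as stated on this page

# shadowing_rules PORT
# Reads `ipfw list` output on stdin; prints "rule_number<TAB>rule" for each
# allow rule numbered below SSHGUARD_FIRST that names PORT.
shadowing_rules() {
    awk -v first="$SSHGUARD_FIRST" -v port="$1" '
        # allow, accept, pass and permit are synonyms in ipfw
        $1 ~ /^[0-9]+$/ && $1 + 0 < first + 0 &&
        $2 ~ /^(allow|accept|pass|permit)$/ {
            hit = 0
            for (i = 3; i <= NF; i++) {
                n = split($i, p, ",")          # handle lists such as 80,443
                for (j = 1; j <= n; j++)
                    if (p[j] == port) hit = 1
            }
            if (hit) print $1 "\t" $0
        }'
}

# Constructed sample of `ipfw list` output (documentation-range addresses).
sample_ruleset() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
01240 allow ip from any to me 22
02000 allow tcp from any to me dst-port 80,443
55000 deny ip from 192.0.2.10 to me
55001 deny ip from 198.51.100.7 to me
56000 allow tcp from any to me dst-port 22
65535 deny ip from any to any
EOF
}

# Demo on the constructed sample; on a live host use: ipfw list | shadowing_rules 22
sample_ruleset | shadowing_rules 22
```

In the sample, rule 01240 is reported because it precedes the blocking range, while rule 56000 is not, since it is evaluated only after sshguard's rules.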

IPv6 support

If you want IPv6 support, make the same adjustments with ip6fw (instead of ipfw). Sshguard will automatically use this chain when IPv6 addresses need to be blocked.
