Blocking addresses with IPFW

In this scenario, the host running sshguard uses IPFW, which must be configured to accept blocking rules from sshguard.

Adjusting passing rule priority

With IPFW, sshguard adds blocking rules with IDs from 55000 to 55050 by default. If a pass rule appears before these, it is applied instead, because IPFW runs a first-match-wins policy.

If your IPFW chain has an allow rule that takes priority over the sshguard range (that is, a rule numbered below 55000), move it to a lower priority by giving it a number above 55050. E.g.:

ipfw list
#    1240 allow ip from any to me 22
ipfw del 1240
ipfw add 56000 allow ip from any to me 22

This command will display the set of addresses blocked by sshguard at any time:

ipfw list | awk '{ if($1 >= 55000 && $1 <= 55050) print $5 }'
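
The priority check described above can be automated. The following is an added example, not part of sshguard or of the original page: it reads "ipfw list" output and reports every pass rule numbered below the default sshguard range. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not sshguard code): find IPFW pass rules that are evaluated
# before sshguard's block rules and therefore win under first-match.
SSHGUARD_MIN=55000   # default sshguard range, as stated in the text above
SSHGUARD_MAX=55050

# Reads `ipfw list` output on stdin and prints each pass rule whose number is
# below the sshguard range. Review each hit: only rules that match traffic to
# the protected service actually defeat a block.
shadowing_rules() {
    awk -v min="$SSHGUARD_MIN" '
        $1 ~ /^[0-9]+$/ && $1 + 0 < min &&
        $2 ~ /^(allow|accept|pass|permit)$/ { print }'
}

# Returns 0 when no pass rule precedes the range, 1 (with a report) otherwise,
# so it can be used from cron or a monitoring check.
check_ruleset() {
    found=$(shadowing_rules)
    if [ -z "$found" ]; then
        return 0
    fi
    printf 'pass rules evaluated before %s-%s:\n%s\n' \
        "$SSHGUARD_MIN" "$SSHGUARD_MAX" "$found"
    return 1
}

# Constructed sample of `ipfw list` output (documentation addresses only).
sample_ruleset() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
01240 allow ip from any to me 22
55000 deny ip from 192.0.2.15 to me
55001 deny ip from 198.51.100.7 to me
56000 allow ip from any to me 80
65535 deny ip from any to any
EOF
}

# Demo on the sample; on a real host run:  ipfw list | check_ruleset
sample_ruleset | check_ruleset || true
```

On the sample, rules 00100 and 01240 are reported; the loopback rule is harmless, while 01240 is the rule that has to be moved as shown earlier.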

IPv6 support

If you want IPv6 support, make the same adjustments with ip6fw (instead of ipfw). Sshguard will automatically interface with this chain when IPv6 addresses need to be blocked.
