Blocking addresses with iptables
In this scenario, the host running sshguard also runs iptables, which has to be configured to accept blocking rules from sshguard.
Adding a blocking chain for sshguard
Have iptables create a new chain to which sshguard will append blocking rules:
# for regular IPv4 support:
iptables -N sshguard
# if you want IPv6 support as well:
ip6tables -N sshguard
Update the INPUT chain so that it also passes traffic to the sshguard chain at the very end of its processing. List in --destination-ports all the ports of the services your sshguard protects. If you want to prevent attackers from sending any traffic to the host, remove the option completely:
# block any traffic from abusers
iptables -A INPUT -j sshguard
ip6tables -A INPUT -j sshguard
-- or --
# block abusers only for SSH, FTP, POP, IMAP services (use "multiport" module)
iptables -A INPUT -m multiport -p tcp --destination-ports 21,22,110,143 -j sshguard
ip6tables -A INPUT -m multiport -p tcp --destination-ports 21,22,110,143 -j sshguard
Verify that you do NOT have a default allow rule passing all SSH traffic higher in the chain; such a rule accepts the traffic before it ever reaches the sshguard chain. Verify that you do NOT have a default deny rule blocking all SSH traffic in your firewall. In either case, you already have the skill to adjust your firewall setup.
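One way to check the ordering described above, as an added example that is not part of the sshguard documentation: the function reads the output of iptables -S INPUT and reports whether a broad ACCEPT, DROP or REJECT rule decides traffic for the protected port before the jump to the sshguard chain. The function name, the sample listing and the narrowing heuristic are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the sshguard docs). Simplifications: rules narrowed by
# -s, -i, a state match or "!" are not flagged; earlier user chains are not followed.

# Constructed sample of `iptables -S INPUT` output: SSH is accepted above the jump.
SAMPLE_SHADOWED='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,22,110,143 -j sshguard'

# Reads `iptables -S INPUT` output on stdin; $1 is the protected TCP port (default 22).
# Prints "ok", "missing" or "shadowed: <rule>"; exit status is 0 only for "ok".
check_sshguard_order() {
    awk -v port="${1:-22}" '
    function covers(list,    n, i, a, r) {    # does this port list or range include port?
        if (list == "") return 1              # no port match: the rule covers every port
        n = split(list, a, ",")
        for (i = 1; i <= n; i++) {
            if (split(a[i], r, ":") == 2) {
                if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
            } else if (a[i] + 0 == port + 0) return 1
        }
        return 0
    }
    $1 != "-A" || $2 != "INPUT" { next }      # skip -P policy lines and other chains
    {
        target = ""; proto = ""; ports = ""; narrow = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i ~ /^--(dport|dports|destination-ports)$/) ports = $(i + 1)
            else if ($i ~ /^(-s|-i|!|--ctstate|--state)$/) narrow = 1
        }
        tcp = (proto == "" || proto == "tcp")
        if (target == "sshguard" && tcp && covers(ports)) { verdict = "ok"; exit }
        if (target ~ /^(ACCEPT|DROP|REJECT)$/ && !narrow && tcp && covers(ports)) {
            verdict = "shadowed: " $0; exit
        }
    }
    END { if (verdict == "") verdict = "missing"; print verdict; exit (verdict != "ok") }
    '
}

# Demo on the constructed sample; on a live host: iptables -S INPUT | check_sshguard_order 22
printf '%s\n' "$SAMPLE_SHADOWED" | check_sshguard_order || true
```

A "shadowed" result prints the rule that needs to move below the jump or be narrowed; repeat the check with ip6tables -S INPUT if you created the IPv6 chain as well.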
Making configuration persistent
When rebooting, most systems reset the firewall configuration by default. To preserve your configuration, you usually use the iptables-save and iptables-restore utilities. However, each Linux variant has its own right way: