From: Kacper W. <ka...@on...> - 2008-09-09 03:59:20
Hello all,
I've set up sshguard-pf 1.1 to run through syslog as recommended:
# pkg_info | grep sshguard
sshguard-pf-1.1_1 Protect hosts from brute force attacks against ssh and othe
# cat /etc/syslog.conf | grep sshguard
auth.info;authpriv.info |exec /usr/local/sbin/sshguard
and it reports that it runs fine:
# cat /var/log/auth.log | grep sshguard
Sep 8 12:00:00 interzone sshguard[35281]: Started successfully [(a,p,s)=(4, 420, 1200)], now ready to scan.
x
Sep 8 12:20:36 interzone sshguard[35281]: Blocking XX.XX.XX.XX: 4 failures over 6 seconds.
Sep 8 12:38:36 interzone sshguard[35281]: Releasing XX.XX.XX.XX after 445 seconds.
(..output cropped for brevity..)
my pf.conf is set up to work with sshguard:
# cat /etc/pf.conf | grep sshguard
table <sshguard> persist
block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "ssh bruteforce"
yet when I look at what pf is doing, I see no addresses added to the
sshguard table, nor do I see any incoming packets blocked through
pflog:
# pfctl -t sshguard -vTshow
No ALTQ support in kernel
ALTQ related functions disabled
# tcpdump -n -e -ttt -i pflog0
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
(nothing)
Now, I'm sure I've fumbled something - why aren't sshguard blocked IPs
being added to the pf table?
TIA,
Kacper Wysocki
--
http://kacper.doesntexist.org
Employ no technique to gain supreme enlightenment.
- Mar pa Chos kyi blos gros