From: mihkel m. <zeb...@ho...> - 2010-09-21 14:43:45
Hello,

I use the following raw file method:

tail -n0 -f /var/log/auth.log | /usr/local/sbin/sshguard -w /etc/sshguard.wl -a 10 -b 10:/etc/sshguard.bl

My iptables default config is:

iptables -N sshguard
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j sshguard

And my chain policies are:

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT (just for testing purposes)

So if I have the default policy set to DROP everything and a packet didn't pass any of my default rules, it will be dropped, right? Until the sshguard chain is empty, I can't access my ssh server. What could be the solution? If I start sshguard, will it immediately add whitelist IPs to the sshguard chain? I can't see them; is there something wrong in my logic?

Thank you in advance!

BR,
z
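The rule set from this message, run through a simplified Python model of chain traversal (an added example, not part of the original post and not sshguard code). It assumes TCP on eth0, that sshguard's firewall backend places DROP rules for blocked addresses in the sshguard chain, and a hypothetical ACCEPT rule appended after the jump; the addresses and function names are constructed.

```python
# Simplified model of netfilter chain traversal (added example, not sshguard code).
# A rule is (dport, source, target); None matches anything.
# A target is "ACCEPT", "DROP", or the name of a user-defined chain.

def traverse(chains, chain, pkt):
    """Return the verdict reached in `chain`, or None if the packet falls off its end."""
    for dport, src, target in chains[chain]:
        if dport not in (None, pkt["dport"]) or src not in (None, pkt["src"]):
            continue                              # rule does not match this packet
        if target in ("ACCEPT", "DROP"):
            return target                         # terminating target
        sub = traverse(chains, target, pkt)       # jump into the user chain
        if sub is not None:
            return sub
        # The user chain ended without a verdict (for example, it is empty):
        # processing resumes at the next rule of the calling chain.
    return None

def verdict(chains, policy, pkt):
    """Verdict for a packet entering INPUT; the policy applies only if no rule decided."""
    return traverse(chains, "INPUT", pkt) or policy

def ruleset(blocked=(), accept_after_jump=False):
    """INPUT rules from the post; `blocked` are addresses assumed added by sshguard."""
    rules = [(80, None, "ACCEPT"), (443, None, "ACCEPT"), (21, None, "ACCEPT"),
             (22, None, "sshguard")]
    if accept_after_jump:
        # Assumed extra rule: iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
        rules.append((22, None, "ACCEPT"))
    return {"INPUT": rules, "sshguard": [(None, ip, "DROP") for ip in blocked]}

# Constructed sample packets (documentation address ranges).
CLIENT = {"src": "192.0.2.10", "dport": 22}
BLOCKED = {"src": "203.0.113.7", "dport": 22}

if __name__ == "__main__":
    # As posted: the empty sshguard chain returns, nothing accepts port 22, policy DROP wins.
    print("as posted:        ", verdict(ruleset(), "DROP", CLIENT))
    # With an ACCEPT after the jump, only addresses listed in the sshguard chain are dropped.
    fixed = ruleset(blocked=["203.0.113.7"], accept_after_jump=True)
    print("fixed, client:    ", verdict(fixed, "DROP", CLIENT))
    print("fixed, blocked IP:", verdict(fixed, "DROP", BLOCKED))
```
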