[Sshguard-users] abort when reinstating blacklist on OS X

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I was just checking my sshguard installation, and it looks like it's been consistently aborting and restarting for the last few days. I dug into it, and it appears that ipfw doesn't like to take more than 15 arguments in an address list on OS X (Lion)

#0  0x00007fff8903a82a in __kill ()
(gdb) where
#0  0x00007fff8903a82a in __kill ()
#1  0x00007fff8b0f7a9c in abort ()
#2  0x00007fff8b12a5de in __assert_rtn ()
#3  0x000000010ba6b97a in ipfwmod_buildblockcommand (ruleno=55042, addresses=0x10bb017f0, addrkind=6, command=0x10baa5e40 "/sbin/ipfw", args=0x10baa5ea0 "add 55043 drop ip from 157.253.195.193,62.76.41.77,222.134.33.132,121.61.118.112,62.150.149.87,95.173.187.38,193.109.162.121,31.3.235.2,202.78.239.203,202.75.218.139,8.25.218.88,221.207.229.6,78.189.1"...) at ipfw.c:291
#4  0x000000010ba6afa8 in fw_block_list (addresses=0x10bb017f0, addrkind=6, service_codes=0x10bb018a0) at ipfw.c:134
#5  0x000000010ba5d08f in process_blacklisted_addresses () at sshguard.c:570
#6  0x000000010ba5bb47 in main (argc=5, argv=0x7fff6b658c60) at sshguard.c:207

# /sbin/ipfw add 55043 drop ip from 157.253.195.193,62.76.41.77,222.134.33.132,121.61.118.112,62.150.149.87,95.173.187.38,193.109.162.121,31.3.235.2,202.78.239.203,202.75.218.139,8.25.218.88,221.207.229.6,78.189.106.136,218.108.0.91,195.228.135.138,220.172.191.31 to me
ipfw: getsockopt(IP_FW_ADD): Invalid argument

Running it with one fewer address works. Has anyone else run into this problem, and have a workaround?

[Sshguard-users] abort when reinstating blacklist on OS X

Intelligently block brute-force attacks by aggregating system logs

[Sshguard-users] abort when reinstating blacklist on OS X