[Sshguard-users] SSHGuard 1.5.0 on OS X Lion: sshguard cannot write to ipfw

[Daniel I G. <dgo...@st...>]

Hi all,

I'm using SSHguard 1.5.0 from macports on OS X lion. To test whether ssh
guard is working, I've logged onto a different computer and attempted to
"break in" to my server by SSHing in with invalid username/password combos.
After four invalid attempts, I see this message in system.log (I've
redacted hostnames and IP addresses):

Jun  5 10:29:58 my_hostname sshguard[16887]: Blocking xxx.xxx.xxx.xxx:4 for
>630secs: 40 danger in 4 attacks over 6 seconds (all: 40d in 1 abuses over
6s).
Jun  5 10:29:58 my_hostname org.macports.sshguard[16883]: No ALTQ support
in kernel
Jun  5 10:29:58 my_hostname org.macports.sshguard[16883]: ALTQ related
functions disabled
Jun  5 10:29:58 my_hostname org.macports.sshguard[16883]: 1/1 addresses
added.

However, when I list the ipfw rules, nothing is there:
$ sudo ipfw list
65535 allow ip from any to any

And I can continue to attempt to log in from my other computer.

sshguard is running as root, as verified by ps:

[my_user@my_hostname my_username]$ ps aux|grep sshguard
my_user        17075   0.0  0.0  2434892    572 s001  R+   10:37AM
0:00.00 grep --color sshguard
root           16998   0.0  0.0  2445088    916   ??  S    10:32AM
0:00.02 /opt/local/sbin/sshguard -l /var/log/system.log -l
/var/log/secure.log -w /opt/local/etc/sshguard/whitelist -b
50:/opt/local/var/db/sshguard/blacklist.db -s 3600
root           16995   0.0  0.0  2435492    832   ??  S    10:32AM
0:00.00 /bin/sh /opt/local/libexec/sshguard/sshguard-options-wrapper
root           16994   0.0  0.0  2466876   1180   ??  Ss   10:32AM
0:00.00 /opt/local/bin/daemondo --label=sshguard --start-cmd
/opt/local/libexec/sshguard/sshguard-options-wrapper ; --pid=exec


So I don't understand why sshguard isn't writing to ipfw. Can anyone offer
any debugging suggestions?

Thank you!
Dan