[Sshguard-users] problem with mac osx lion

[Neal P. <bje...@gm...>]

I have mac osx lion and I got an error message in my log, here is the relevant section:

Nov 28 07:03:58 phirestalker sshd[93189]: Received disconnect from 222.184.230.118: 11: Bye Bye
Nov 28 07:04:00 phirestalker sshd[93192]: Invalid user cgi from 222.184.230.118
Nov 28 07:04:00 phirestalker sshd[93193]: input_userauth_request: invalid user cgi
Nov 28 07:04:00 phirestalker sshd[93193]: Received disconnect from 222.184.230.118: 11: Bye Bye
Nov 28 07:04:02 phirestalker sshd[93194]: Invalid user richie from 222.184.230.118
Nov 28 07:04:02 phirestalker sshd[93195]: input_userauth_request: invalid user richie
Nov 28 07:04:02 phirestalker sshd[93195]: Received disconnect from 222.184.230.118: 11: Bye Bye
Nov 28 07:04:04 phirestalker sshd[93201]: Invalid user shirsh from 222.184.230.118
Nov 28 07:04:04 phirestalker sshd[93204]: input_userauth_request: invalid user shirsh
Nov 28 07:04:04 phirestalker sshd[93204]: Received disconnect from 222.184.230.118: 11: Bye Bye
Nov 28 07:04:06 phirestalker sshd[93227]: Received disconnect from 222.184.230.118: 11: Bye Bye
Nov 28 07:04:08 phirestalker sshd[93234]: Received disconnect from 222.184.230.118: 11: Bye Bye
Nov 28 07:04:10 phirestalker sshd[93236]: Received disconnect from 222.184.230.118: 11: Bye Bye
Nov 28 07:04:12 phirestalker sshd[93237]: Invalid user system from 222.184.230.118
Nov 28 07:04:12 phirestalker sshguard[11459]: Blocking 222.184.230.118:4 for >630secs: 40 danger in 4 attacks over 12 seconds (all: 40d in 1 abuses over 12s).
Nov 28 07:04:12 phirestalker sshd[93238]: input_userauth_request: invalid user system
Nov 28 07:15:18 phirestalker sshguard[11459]: Command "/sbin/ipfw delete 55036" exited 69
Nov 28 07:15:18 phirestalker sshguard[11459]: Release command failed. Exited: -1

it seems to block the person correctly but then tries and fails to unban them. In the unban it is using ipfw but from what I understand lion has switched to pf. A pf.conf is present and filled with things that seem to correlate with the system firewall. The funny thing is ipfw seems to be present as well but non-functional as I had fail2ban installed before and it said it was blocking and the IPs continued to hammer ssh. I have NO idea what is going on, I have found no reference to config files for sshguard in the documentation so how can I get it to use pf instead even though it is on mac and thinks it should use ipfw?

Thanks