From: Greg P. <gr...@n0...> - 2015-06-07 15:40:04
On May 29, 2015, at 15:18 , Kevin Zheng <kev...@gm...> wrote:
>
> Signed PGP part
> On 05/26/2015 22:08, Greg Putrich wrote:
> > It would certainly keep the rules tidier. At 200 rules from
> > sshguard, that's becoming a mess, but still manageable. For a
> > popular Internet host, it could easily become thousands/tens of
> > thousands which becomes silly in trying to manage the other normal
> > rules.
> >
> > I think the table would be a good option to keep order to the rule
> > set. While we would miss out on seeing which addresses are active,
> > I don't think that is all of that big of a concern (at worst, clear
> > the table to start over and the frequent pests would be blocked
> > quickly again).
>
> The new backend is now available in the 'ipfw' branch of the Bitbucket
> repository. This time I was able to actually test it, and it appears
> to work reasonably well. In order to use it, you will need a rule like
> the following in your ipfw ruleset:
>
> reset ip from table(22) to me
>
> Currently, SSHGuard uses a fixed table number, '22', to store
> blacklisted addresses. This table is cleared when SSHGuard exits.
>
> If there are no issues with this backend, it should appear in the
> 'master' branch and will be backported to 1.6.
>
> Thanks,
> Kevin Zheng
>
> --
> Kevin Zheng
> kev...@gm... | ke...@kd... | PGP: 0xC22E1090

I’ve been running this for the past week and it’s been working fine. When sshguard is stopped, table 22 is cleared out; when it’s started, it re-populates the table. My table currently has 42 IP addresses and I had started with nothing existing in blacklist.db (I did test with my old list of 200+ addresses, but decided to start fresh to watch for new IP addresses).

Thanks,
Greg Putrich
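
An added example, not part of the original messages and not SSHGuard's own code: a small audit of the setup discussed in this thread. It checks that a rule consulting table 22 exists and sits ahead of any rule that allows SSH, and counts the entries in the table. The function names and sample listings are constructed; the ruleset check assumes numeric ports in `ipfw list` output and does not model stateful (keep-state/check-state) shortcuts.

```shell
#!/bin/sh
# Added example: audit an ipfw ruleset for the table-based SSHGuard backend.
# Table number 22 comes from the thread; function names and the sample
# listings below are constructed for illustration.
TABLE=22

# Number of the first rule that resets/denies traffic from table($TABLE).
table_rule_number() {
    awk -v t="from table($TABLE)" \
        '($2 == "reset" || $2 == "deny") && index($0, t) { print $1 + 0; exit }'
}

# Number of the first allow rule for the SSH port, if any.
first_ssh_allow_number() {
    awk '$2 == "allow" && /dst-port 22( |,|$)/ { print $1 + 0; exit }'
}

# ipfw acts on the first matching allow/deny/reset rule, so the table rule
# only blocks listed hosts if it comes before the rule that admits SSH.
ruleset_ok() {
    rules=$(cat)
    block=$(printf '%s\n' "$rules" | table_rule_number)
    allow=$(printf '%s\n' "$rules" | first_ssh_allow_number)
    [ -n "$block" ] || { echo "no rule references table($TABLE)"; return 1; }
    if [ -n "$allow" ] && [ "$allow" -lt "$block" ]; then
        echo "rule $allow allows SSH before rule $block consults the table"
        return 1
    fi
    echo "table($TABLE) rule at $block"
}

# Count address entries in a table listing; a "--- table(...) ---" header
# line, printed by newer ipfw versions, is skipped.
count_entries() {
    awk '$1 ~ /^[0-9a-fA-F:.]+(\/[0-9]+)?$/ { n++ } END { print n + 0 }'
}

# Constructed sample listings (documentation address ranges).
SAMPLE_RULES='00100 allow ip from any to any via lo0
00200 reset ip from table(22) to me
00300 allow tcp from any to me dst-port 22 setup keep-state
65535 deny ip from any to any'
SAMPLE_BAD='00200 allow tcp from any to me dst-port 22
00300 reset ip from table(22) to me'
SAMPLE_TABLE='--- table(22), set(0) ---
192.0.2.10/32 0
198.51.100.7/32 0
2001:db8::5/128 0'
```

On a live host the same functions take real output: `ipfw list | ruleset_ok` and `ipfw table 22 list | count_entries`.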