From: Alastair H. <ag...@fa...> - 2015-08-05 13:16:31
On 2015-08-02 Sun 13:36:37 -0500 Gregory Putrich, wrote:
> For IPFW, did the change to use a table instead of individual rules make
> it in? I’ve installed 1.6.1 on FreeBSD from the ports (sshguard-ipfw) and
> it's still creating individual rules, and also it crashes on start if the
> blacklist is larger than 4 lines or so.

If you want to make use of a table id in ipfw, follow the steps below:

    # pkg install security/sshguard-null
    # sysrc sshguard_flags="-e /usr/local/sbin/sshguard-null"
    $ cat /usr/local/sbin/sshguard-null
    #!/bin/sh
    # Source:
    # http://sourceforge.net/p/sshguard/mailman/message/34151601/

    fwcmd="/sbin/ipfw"
    table_id="sshguard"
    print_debug="0"    # set to 1 to log every action through logger(1)

    # Log a message to syslog when debugging is enabled.
    fwcmd_debug() {
        if [ "${print_debug}" -gt 0 ]; then
            /usr/bin/logger -i -p local0.notice -t sshguard-null "$@"
        fi
    }

    fwcmd_debug "${0}: Incoming sshguard(8) action"

    # sshguard passes the requested action in SSHG_ACTION and the
    # address (or comma-separated address list) in SSHG_ADDR.
    case "${SSHG_ACTION}" in
        init)
            # create table?
            fwcmd_debug "${SSHG_ACTION}"
            ;;
        fin)
            fwcmd_debug "${fwcmd} table ${table_id} flush"
            ${fwcmd} table "${table_id}" flush
            ;;
        block)
            fwcmd_debug "${fwcmd} table ${table_id} add ${SSHG_ADDR}"
            ${fwcmd} table "${table_id}" add "${SSHG_ADDR}"
            ;;
        block_list)
            # Split the comma-separated list and add each address.
            for a in $(echo "${SSHG_ADDR}" | sed 's/,/ /g') ; do
                fwcmd_debug "${fwcmd} table ${table_id} add ${a}"
                ${fwcmd} table "${table_id}" add "${a}"
            done
            ;;
        release)
            fwcmd_debug "${fwcmd} table ${table_id} delete ${SSHG_ADDR}"
            ${fwcmd} table "${table_id}" delete "${SSHG_ADDR}"
            ;;
        flush)
            fwcmd_debug "${fwcmd} table ${table_id} flush"
            ${fwcmd} table "${table_id}" flush
            ;;
        *)
            fwcmd_debug "${SSHG_ACTION} unsupported"
            ;;
    esac

    exit 0

I have been using this method on FreeBSD-11-CURRENT for >3 weeks now & have
not observed any crashes. sshguard & ipfw continue to function as expected.

> Thanks,
> Greg
>
> On Jul 31, 2015, at 20:07 , Kevin Zheng <kev...@gm...> wrote:
> >
> > Signed PGP part
> > Greetings,
> >
> > I am pleased to announce the release of SSHGuard 1.6.1 [1]. This
> > release is primarily a bugfix release that fixes a few late-breaking
> > issues from 1.6.0 while incorporating a few feature improvements. This
> > release was slightly delayed by a recent SourceForge outage.
> >
> > Changes in this release include:
> >
> > - Accept "Received disconnect" with optional prefix
> > - Add support for socklog entries
> > - Fix 'ipfw-rules-range' option in configure script
> > - Fix build for 'ipfw' and 'hosts' backends
> > - Fix integer comparisons of different types
> > - Match attacks when syslog debugging is enabled
> >
> > Many thanks to the contributors who reported issues or sent in patches
> > to fix them. Special thanks to the FreeBSD community for reporting and
> > fixing a number of problems amended in this release.
> >
> > As usual, please report any bugs, build failures, or other issues to
> > the mailing list or the Bitbucket tracker [2].
> >
> > Very best,
> > Kevin Zheng
> >
> > [1] https://sourceforge.net/projects/sshguard/files/sshguard/1.6.1/
> > [2] https://bitbucket.org/sshguard/sshguard/issues/
> >
> > --
> > Kevin Zheng
> > kev...@gm... | ke...@kd... | PGP: 0xC22E1090
> >
> > _______________________________________________
> > Sshguard-users mailing list
> > Ssh...@li...
> > https://lists.sourceforge.net/lists/listinfo/sshguard-users

--
What good is having someone who can walk on water if you don't follow in his footsteps?
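
An added example, not part of the original message or of SSHGuard: a dry-run model of the backend's action dispatch that prints the ipfw table command each SSHG_ACTION would produce and rejects values that are not address-shaped before they reach ipfw. FWCMD, TABLE_ID, valid_addr and sshg_dispatch are names assumed for this example.

```shell
#!/bin/sh
# Dry-run model of the sshguard-null dispatch (example code, names assumed).
FWCMD="${FWCMD:-echo /sbin/ipfw}"   # default prints the command instead of running ipfw
TABLE_ID="sshguard"

# Accept only characters that can occur in an IPv4/IPv6 address or CIDR mask.
valid_addr() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:/]*) return 1 ;;
        *) return 0 ;;
    esac
}

# sshg_dispatch ACTION [ADDR]: run (or print) the table operation for one event.
sshg_dispatch() {
    action="$1"; addrs="$2"
    case "$action" in
        init) return 0 ;;
        fin|flush) $FWCMD table "$TABLE_ID" flush ;;
        block|release)
            if ! valid_addr "$addrs"; then
                echo "rejected: $addrs" >&2; return 1
            fi
            if [ "$action" = block ]; then op=add; else op=delete; fi
            $FWCMD table "$TABLE_ID" "$op" "$addrs" ;;
        block_list)
            # Check the whole list first so splitting cannot glob-expand.
            case "$addrs" in
                ''|*[!0-9A-Fa-f.:/,]*) echo "rejected list" >&2; return 1 ;;
            esac
            old_ifs="$IFS"; IFS=','
            set -- $addrs               # split on commas only
            IFS="$old_ifs"
            for a in "$@"; do
                if [ -n "$a" ]; then $FWCMD table "$TABLE_ID" add "$a"; fi
            done ;;
        *) echo "unsupported action: $action" >&2; return 2 ;;
    esac
}
```

Called as `sshg_dispatch "$SSHG_ACTION" "$SSHG_ADDR"`, it shows what the backend would do for a given event; setting `FWCMD=/sbin/ipfw` makes it act on the table instead of printing.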