Menu
▾
▴
Re: [Sshguard-users] Is sshguard working?
|
From: Willem J. W. <wj...@di...> - 2015-08-13 19:56:58
|
On 13-8-2015 17:10, Kevin Zheng wrote: > On 08/12/2015 20:32, li...@la... wrote: >> I downloaded the development version. Running sshguard -v indicates 1.6.0. > > You'll need to add a rule that looks something like this: > > reset ip from table (22) to me > > Keep in mind that 'ipfw' is a first-rule-wins firewall, which means that > if you have a rule that allows SSH connections, your SSHGuard rule must > have a higher rule number in order to block attacks. If you are adding > the rule from a shell, parenthesis must be escaped. I understand what you say, but I think you ment to say the lowest number? Since parsing start at the lowest (first-rule) number. > > # ipfw add 50 reset ip from table \(22\) to me I would not even reset the connection. Just drop/deny it, and the client needs to time it out. These are bad guys, anything you can do to delay them should be done. --WjW |
