From: Kevin Z. <kev...@gm...> - 2016-03-19 00:58:03
Hi Robin,

On 03/18/2016 09:28, Robin Smith wrote:
> I run sshguard with ipfw on a FreeBSD 10.2 virtual box hosted by
> RootBSD. The relevant firewall entry is:
>
> 50000 deny ip from table(22) to me
>
> I usually access the server from my home location through a DSL line
> with AT&T. If I put this rule in the firewall script, then rebooting or
> running the script locks me out because sshguard adds my home IP to
> table 22. The workaround has been to remove the rule above from
> /etc/firewall-rules (the firewall script), make an ssh connection, add
> the rule:
> ipfw add 50000 deny ip from table\(22\) to me
> Then, I look for my home IP in table 22, and upon finding it, I delete
> it from the table. (Otherwise, any further ssh connections from my home
> location get blocked).
>
> But why is this happening in the first place?

What version of SSHGuard are you running? I'm assuming that turning off
SSHGuard makes this problem go away?

A temporary workaround could be to use whitelisting. But that's not
super helpful if your IP address at home changes.

Have you taken a look at /var/log/auth.log, grepping for your home IP,
and seeing if any interesting entries turn up? Older versions of
SSHGuard treated "reverse getaddrinfo" mismatches as an attack.

Best,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090
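
The auth.log check suggested in the reply above, as an added example that is not part of the original message or of SSHGuard: it counts, for one client IP, sshd's reverse-mapping warnings separately from real authentication failures and successful logins. The function name `summarize_ip`, the sample addresses and hostnames, and the sample log lines are constructed for illustration; the message patterns assume OpenSSH's usual auth.log wording.

```shell
#!/bin/sh
# Added example: summarise what sshd logged for one client IP, to see which
# entries an older SSHGuard could have counted as attacks.

# Constructed sample lines in sshd's auth.log format (203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, hostnames are made up).
sample_auth_log() {
cat <<'EOF'
Mar 18 09:01:12 box sshd[811]: reverse mapping checking getaddrinfo for dsl-45.example.net [203.0.113.45] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 18 09:01:14 box sshd[811]: Accepted publickey for robin from 203.0.113.45 port 50112 ssh2
Mar 18 09:05:40 box sshd[902]: Invalid user admin from 198.51.100.7
Mar 18 09:05:41 box sshd[902]: Failed password for invalid user admin from 198.51.100.7 port 4021 ssh2
Mar 18 09:20:03 box sshd[950]: reverse mapping checking getaddrinfo for dsl-45.example.net [203.0.113.45] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 18 09:20:05 box sshd[950]: Accepted publickey for robin from 203.0.113.45 port 50377 ssh2
EOF
}

# summarize_ip IP [LOGFILE]: reads LOGFILE (or stdin) and prints one line:
#   reverse_mismatch=N auth_failure=N accepted=N
summarize_ip() {
    ip=$1
    shift
    awk -v ip="$ip" '
        # Match the IP only as a whole token, so 203.0.113.4 != 203.0.113.45
        function has_ip(line,   n, i, f) {
            n = split(line, f, /[^0-9A-Fa-f.:]+/)
            for (i = 1; i <= n; i++) if (f[i] == ip) return 1
            return 0
        }
        !has_ip($0) { next }
        /reverse mapping checking getaddrinfo|does not map back to the address/ { rev++; next }
        /Failed (password|keyboard-interactive)|Invalid user|authentication error/ { fail++; next }
        /Accepted / { ok++ }
        END { printf "reverse_mismatch=%d auth_failure=%d accepted=%d\n", rev, fail, ok }
    ' "$@"
}
```

On the server this would be run as `summarize_ip <home IP> /var/log/auth.log`; a non-zero `reverse_mismatch` with `auth_failure=0` points at the reverse-DNS mismatch rather than failed logins as the reason the address was blocked.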