Menu
▾
▴
Re: [SSHGuard-users] Results from running 1.6.4
|
From: <li...@la...> - 2016-05-08 06:48:36
|
Regarding reset or deny, who is the user here? The clown trying to log into the server, or the sysadmin? My first priority would be which uses the least resources of my server. If equal, then I would pick which method wastes the time of the clown trying to break into the network. Original Message From: Kevin Zheng Sent: Saturday, May 7, 2016 11:36 PM To: Carmel; ssh...@li... Subject: Re: [SSHGuard-users] Results from running 1.6.4 On 05/07/2016 06:00, Carmel wrote: > I am running sshguard-ipfw,ver 1.6.4 on a FreeBSD-11 / amd64 machine. I > installed the program via the ports system. > > I was just wondering where you located this new documentation? I have > been interested in exactly what and where to put entries in my "ipfw" > file, or if I even needed them at all. As mentioned before, the setup documentation is here: http://www.sshguard.net/docs/setup/ You need to understand your own firewall to set up SSHGuard. Copying and pasting might work if you're lucky. The 'reset' instead of 'deny' was chosen as a more reasonable default to give users better feedback. Dropping the connection will cause the client to wait for a timeout, while resetting the connection will give the user more meaningful feedback (connection reset by peer). The rule number depends entirely on your ruleset. IPFW is a first-rule-wins firewall, so the rule that allows SSH should have a higher rule number than SSHGuard's rule number. Best, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ sshguard-users mailing list ssh...@li... https://lists.sourceforge.net/lists/listinfo/sshguard-users |
