Menu
▾
▴
Re: [SSHGuard-users] sshguard restart and ipfw table 22 rewritten
|
From: <li...@la...> - 2016-06-10 15:10:12
|
<html><head></head><body lang="en-US" style="background-color: rgb(255, 255, 255); line-height: initial;"> <div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">Unfortunately I'm not in a location to check my server, but all I did in rc.conf is enable sshguard. I edited a different file to set parameters. It is the file that contains the regex.</div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><span style="font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; font-size: initial; text-align: initial; line-height: initial;"><br></span></div> <div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br style="display:initial"></div> <div style="font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"></div> <table width="100%" style="background-color:white;border-spacing:0px;"> <tbody><tr><td colspan="2" style="font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <div style="border-style: solid none none; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding: 3pt 0in 0in; font-family: Tahoma, 'BB Alpha Sans', 'Slate Pro'; font-size: 10pt;"> <div><b>From: </b>chebo</div><div><b>Sent: </b>Friday, June 10, 2016 11:03 AM</div><div><b>To: </b>ssh...@li...</div><div><b>Subject: </b>[SSHGuard-users] sshguard restart and ipfw table 22 rewritten</div></div></td></tr></tbody></table><div style="border-style: solid none none; border-top-color: rgb(186, 188, 209); border-top-width: 1pt; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div><br><div id="_originalContent" style=""><div>Hello. I use a translator.<br><br>My apologies if I'm doing something wrong. The first time I use a mailing list in this situation. </div><div><span data-align="222:229">I found</span><span> </span><span data-align="230:250">a similar problem</span><span>, </span><span data-align="252:269">but the final</span><span> </span><span data-align="270:276">answer</span><span> </span><span data-align="277:284">is not there</span><span> </span><span data-align="285:344">https://sourceforge.net/p/sshguard/mailman/message/35119986</span><span>/</span></div><div>I wanted to write directly to the author of the last letter, but his address closed.<br>______________<br>My problem.<br><br>1. The guard blocked my host and added it to the blacklist.<br>2. I can see it in the blacklist and with the command: ipfw table 22 list.<br>3. I removed the host from the blacklist (vi /var/db/sshguard/blacklist.db) and then removed from the table 22 (table 22 ipfw delete 192.168.0.1).<br>4. After every reboot of the computer or just restarting the daemon. The host again 5. appears in table 22 and disappears from there after 5 minutes.<br><br>Why? From there he is taken if the blacklist is empty. </div><div> </div><div>____________</div><div>I installed from the latest ports sshguard-ipfw-1.6.4_1<br>OS - Freebsd 10.3<br><br>I tried to use the defaults and changed.<br><br>sshguard_enable="yes"<br>sshguard_watch_logs="/var/log/auth.log"<br>sshguard_danger_thresh="30"<br>sshguard_blacklist="100:/var/db/sshguard/blacklist.db"<br>sshguard_release_interval="120"<br>#sshguard_reset_interval="1800"<br>#sshguard_whitelistfile=/var/db/sshguard/whitelist.db<br>#shguard_flags=""</div><div> </div><div>-- </div><br><!--end of _originalContent --></div></body></html> |
