From: <li...@la...> - 2016-06-11 11:55:59
I think you need to flush the firewall. Editing the db file is not enough.

Original Message
From: chebo
Sent: Saturday, June 11, 2016 7:40 AM
To: li...@la...; ssh...@li...
Subject: Re: [SSHGuard-users] sshguard restart and ipfw table 22 rewritten

I'll answer my question in the first letter.
Came to the conclusion. If you use sshguard in the role of daemon, in each run it reads the logs from the beginning, and blocks everything again. I think it is inconvenient and maybe it can be somehow off.
I decided not to bother and to use the method proposed on the official website.
I apologize for the inconvenience.

10.06.2016, 18:10, "li...@la..." <li...@la...>:
> Unfortunately I'm not in a location to check my server, but all I did in rc.conf is enable sshguard. I edited a different file to set parameters. It is the file that contains the regex.
>
> From: chebo
> Sent: Friday, June 10, 2016 11:03 AM
> To: ssh...@li...
> Subject: [SSHGuard-users] sshguard restart and ipfw table 22 rewritten
>
> Hello. I use a translator.
>
> My apologies if I'm doing something wrong. The first time I use a mailing list in this situation.
> I found a similar problem, but the final answer is not there https://sourceforge.net/p/sshguard/mailman/message/35119986/
> I wanted to write directly to the author of the last letter, but his address is closed.
> ______________
> My problem.
>
> 1. The guard blocked my host and added it to the blacklist.
> 2. I can see it in the blacklist and with the command: ipfw table 22 list.
> 3. I removed the host from the blacklist (vi /var/db/sshguard/blacklist.db) and then removed from the table 22 (table 22 ipfw delete 192.168.0.1).
> 4. After every reboot of the computer or just restarting the daemon, the host again appears in table 22 and disappears from there after 5 minutes.
>
> Why? From there he is taken if the blacklist is empty.
>
> ____________
> I installed from the latest ports sshguard-ipfw-1.6.4_1
> OS - Freebsd 10.3
>
> I tried to use the defaults and changed.
>
> sshguard_enable="yes"
> sshguard_watch_logs="/var/log/auth.log"
> sshguard_danger_thresh="30"
> sshguard_blacklist="100:/var/db/sshguard/blacklist.db"
> sshguard_release_interval="120"
> #sshguard_reset_interval="1800"
> #sshguard_whitelistfile=/var/db/sshguard/whitelist.db
> #shguard_flags=""