Menu
▾
▴
Re: [Sshguard-users] Release command failed
|
From: David V. K. <dk...@su...> - 2007-04-05 12:54:16
|
I have moved my SSH accept rule to a higher number than 55050 which solves the issues I mentioned. Many thanks for your prompt replies! -David On 03.04.2007, at 23:48, Mij wrote: > I suppose you opted in for "Use IPFW as firewall backend". > > In this case, can you see blocking rules just after a "Blocking > 1.2.3.4: 4 failures over X seconds"? > get ipfw rules with "ipfw list". Sshguard rule IDs in IPFW range > between 55000 and 55050 by default. > > It is likely that you have ssh enabled in a higher rules, so those > blocking rules are not passed (IPFW > has a "first match win" policy) > > > On 03/apr/07, at 23:20, David V. Kocher wrote: > >> I use IPFW. The sshguard version installed is from ports >> (sshguard-0.91_1) [1]. >> >> -David >> >> [1] http://www.freshports.org/security/sshguard/ >> >> On 03.04.2007, at 23:01, Mij wrote: >> >>> hello david >>> >>> what firewall are you using on you freebsd box? Is the sshguard fw >>> backend consistent with it? >>> >>> >>> On 03/apr/07, at 17:27, David V. Kocher wrote: >>> >>>> I can see the following in my log >>>>> Apr 2 20:23:19 gdp-bsd-231-218 sshguard[118]: Blocking >>>>> 195.140.140.35: 4 failures over 0 seconds. >>>>> Apr 2 20:23:19 gdp-bsd-231-218 sshd[782]: Failed password for >>>>> illegal user rpc from 195.140.140.35 port 47790 ssh2 >>>>> Apr 2 20:23:20 gdp-bsd-231-218 sshd[787]: Failed password for >>>>> illegal user gopher from 195.140.140.35 port 47817 ssh2 >>>>> Apr 2 20:30:44 gdp-bsd-231-218 sshguard[118]: Release command >>>>> failed. Exited: 17664 >>>>> >>>> >>>> I am wondering why there are still failed login attempts after >>>> sshguard claims to have blocked the IP address in question and what >>>> the 'Release command failed' error message which appears numerous >>>> times means. >>>> >>>> My system is FreeBSD 5.4-RELEASE-p14. >>>> >>>> Thanks. >>>> -David >>>> >>>> ------------------------------------------------------------------- >>>> - >>>> -- >>>> --- >>>> Take Surveys. Earn Cash. Influence the Future of IT >>>> Join SourceForge.net's Techsay panel and you'll get the chance to >>>> share your >>>> opinions on IT & business topics through brief surveys-and earn >>>> cash >>>> http://www.techsay.com/default.php? >>>> page=join.php&p=sourceforge&CID=DEVDEV >>>> _______________________________________________ >>>> Sshguard-users mailing list >>>> Ssh...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sshguard-users >>> >>> >>> -------------------------------------------------------------------- >>> - >>> ---- >>> Take Surveys. Earn Cash. Influence the Future of IT >>> Join SourceForge.net's Techsay panel and you'll get the chance to >>> share your >>> opinions on IT & business topics through brief surveys-and earn cash >>> http://www.techsay.com/default.php? >>> page=join.php&p=sourceforge&CID=DEVDEV >>> _______________________________________________ >>> Sshguard-users mailing list >>> Ssh...@li... >>> https://lists.sourceforge.net/lists/listinfo/sshguard-users >>> >> > > > ---------------------------------------------------------------------- > --- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to > share your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php? > page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users > |
