Menu
▾
▴
[Sshguard-users] Problem blocking IP with sshguard 1.0 on FreeBSD
|
From: Ryan P. <tro...@gm...> - 2007-12-12 15:11:25
|
Hi All, I have been using the pre-1.0 release perfectly fine, but something broke with the latest ports update to 1.0. It doesn't appear that a user is getting blocked by the firewall. Any help would be appreciated. Thanks, Ryan pf config: table <sshguard> persist pass in all pass out all # block all incoming packets but allow ssh, pass all outgoing tcp and udp # connections and keep state, logging blocked packets. block in all block return-rst out quick proto tcp from any to any port 113 block in quick on $ext_if from <block_hosts> to any block in quick on $ext_if from <sshguard> to any ... auth.log: Dec 11 23:59:27 zeus sshguard[61062]: Releasing 77.246.240.82 after 539 seconds. Dec 11 23:59:27 zeus sshguard[61062]: Setting environment: SSHG_ADDR=77.246.240.82;SSHG_ADDRKIND=4;SSHG_SERVICE=10. Dec 11 23:59:27 zeus sshguard[61062]: Run command "/sbin/pfctl -Tdel -t sshguard $SSHG_ADDR": exited 0. Dec 11 23:59:27 zeus sshguard[61062]: Releasing 77.246.240.82 after 538 seconds. Dec 11 23:59:27 zeus sshguard[61062]: Setting environment: SSHG_ADDR=77.246.240.82;SSHG_ADDRKIND=4;SSHG_SERVICE=10. Dec 11 23:59:27 zeus sshguard[61062]: Run command "/sbin/pfctl -Tdel -t sshguard $SSHG_ADDR": exited 0. Dec 11 23:59:27 zeus sshguard[61062]: Releasing 77.246.240.82 after 537 seconds. Dec 11 23:59:27 zeus sshguard[61062]: Setting environment: SSHG_ADDR=77.246.240.82;SSHG_ADDRKIND=4;SSHG_SERVICE=10. Dec 11 23:59:27 zeus sshguard[61062]: Run command "/sbin/pfctl -Tdel -t sshguard $SSHG_ADDR": exited 0. Dec 11 23:59:27 zeus sshguard[61062]: Releasing 77.246.240.82 after 535 seconds. Dec 11 23:59:27 zeus sshguard[61062]: Setting environment: SSHG_ADDR=77.246.240.82;SSHG_ADDRKIND=4;SSHG_SERVICE=10. Dec 11 23:59:27 zeus sshguard[61062]: Run command "/sbin/pfctl -Tdel -t sshguard $SSHG_ADDR": exited 0. Dec 11 23:59:27 zeus sshguard[61062]: Releasing 77.246.240.82 after 534 seconds. Dec 11 23:59:27 zeus sshguard[61062]: Setting environment: SSHG_ADDR=77.246.240.82;SSHG_ADDRKIND=4;SSHG_SERVICE=10. Dec 11 23:59:27 zeus sshguard[61062]: Run command "/sbin/pfctl -Tdel -t sshguard $SSHG_ADDR": exited 0. Dec 11 23:59:27 zeus sshguard[61062]: Releasing 77.246.240.82 after 531 seconds. Dec 11 23:59:27 zeus sshguard[61062]: Setting environment: SSHG_ADDR=77.246.240.82;SSHG_ADDRKIND=4;SSHG_SERVICE=10. Dec 11 23:59:27 zeus sshguard[61062]: Run command "/sbin/pfctl -Tdel -t sshguard $SSHG_ADDR": exited 0. Dec 11 23:59:27 zeus sshguard[61062]: Releasing 77.246.240.82 after 526 seconds. Dec 11 23:59:27 zeus sshguard[61062]: Setting environment: SSHG_ADDR=77.246.240.82;SSHG_ADDRKIND=4;SSHG_SERVICE=10. Dec 11 23:59:27 zeus sshguard[61062]: Run command "/sbin/pfctl -Tdel -t sshguard $SSHG_ADDR": exited 0. Dec 12 00:00:01 zeus sshguard[61062]: Got exit signal, flushing blocked addresses and exiting... Dec 12 00:00:01 zeus sshguard[61062]: Run command "/sbin/pfctl -Tflush -t sshguard": exited 0. Dec 12 00:00:01 zeus sshguard[83693]: Started successfully [(a,p,s)=(4, 420, 1200)], now ready to scan. Dec 12 00:00:20 zeus postfix/smtpd[83948]: sql auxprop plugin using mysql engine Dec 12 00:00:20 zeus sshd[83929]: reverse mapping checking getaddrinfo for 240-82.umostel.ru [77.246.240.82] failed - POSSIBLE BREAK-IN ATTEMPT! Dec 12 00:00:20 zeus sshd[83929]: Invalid user alexis from 77.246.240.82 Dec 12 00:00:20 zeus sshguard[83693]: Matched IP address 77.246.240.82 Dec 12 00:00:21 zeus sshd[83930]: reverse mapping checking getaddrinfo for 240-82.umostel.ru [77.246.240.82] failed - POSSIBLE BREAK-IN ATTEMPT! Dec 12 00:00:21 zeus sshd[83930]: Invalid user alexis from 77.246.240.82 Dec 12 00:00:21 zeus sshguard[83693]: Matched IP address 77.246.240.82 Dec 12 00:00:21 zeus sshd[83931]: reverse mapping checking getaddrinfo for 240-82.umostel.ru [77.246.240.82] failed - POSSIBLE BREAK-IN ATTEMPT! Dec 12 00:00:21 zeus sshd[83931]: Invalid user alexis from 77.246.240.82 Dec 12 00:00:21 zeus sshguard[83693]: Matched IP address 77.246.240.82 Dec 12 00:00:21 zeus sshd[83934]: reverse mapping checking getaddrinfo for 240-82.umostel.ru [77.246.240.82] failed - POSSIBLE BREAK-IN ATTEMPT! Dec 12 00:00:21 zeus sshd[83934]: Invalid user alexis from 77.246.240.82 Dec 12 00:00:21 zeus sshd[83933]: reverse mapping checking getaddrinfo for 240-82.umostel.ru [77.246.240.82] failed - POSSIBLE BREAK-IN ATTEMPT! Dec 12 00:00:21 zeus sshd[83933]: Invalid user alexis from 77.246.240.82 Dec 12 00:00:21 zeus sshguard[83693]: Matched IP address 77.246.240.82 Dec 12 00:00:21 zeus sshguard[83693]: Blocking 77.246.240.82: 4 failures over 1 seconds. Dec 12 00:00:21 zeus sshguard[83693]: Setting environment: SSHG_ADDR=77.246.240.82;SSHG_ADDRKIND=4;SSHG_SERVICE=10. Dec 12 00:00:21 zeus sshguard[83693]: Run command "/sbin/pfctl -Tadd -t sshguard $SSHG_ADDR": exited 0. Dec 12 00:00:21 zeus sshguard[83693]: Matched IP address 77.246.240.82 Dec 12 00:00:21 zeus sshd[83935]: reverse mapping checking getaddrinfo for 240-82.umostel.ru [77.246.240.82] failed - POSSIBLE BREAK-IN ATTEMPT! Dec 12 00:00:21 zeus sshd[83935]: Invalid user alexis from 77.246.240.82 Dec 12 00:00:21 zeus sshguard[83693]: Matched IP address 77.246.240.82 Dec 12 00:00:21 zeus sshd[83938]: reverse mapping checking getaddrinfo for 240-82.umostel.ru [77.246.240.82] failed - POSSIBLE BREAK-IN ATTEMPT! Dec 12 00:00:21 zeus sshd[83938]: Invalid user alexis from 77.246.240.82 Dec 12 00:00:21 zeus sshguard[83693]: Matched IP address 77.246.240.82 Dec 12 00:00:21 zeus sshd[83942]: reverse mapping checking getaddrinfo for 240-82.umostel.ru [77.246.240.82] failed - POSSIBLE BREAK-IN ATTEMPT! Dec 12 00:00:21 zeus sshd[83942]: Invalid user alexis from 77.246.240.82 Dec 12 00:00:21 zeus sshguard[83693]: Matched IP address 77.246.240.82 |
