[SSHGuard-users] "should have already been blocked"

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Houston...do we have a problem? Using sshguard with ipfw. Details
follow.

uname -a
FreeBSD theranch 10.3-RELEASE-p11 FreeBSD 10.3-RELEASE-p11 #0: Mon Oct 24 18:49:24 UTC 2016     ro...@am...:/usr/obj/usr/src/sys/GENERIC  amd64

# sshguard -v
sshguard 1.7.0

Cliff notes version:
-----------------
auth.log.2.bz2:Nov 19 23:07:13 theranch sshguard[803]: blacklist: added 186.125.190.156
auth.log.2.bz2:Nov 19 23:07:13 theranch sshguard[803]: 186.125.190.156: blocking forever (3 attacks in 2 secs, after 1 abuses over 2 secs)
auth.log.2.bz2:Nov 19 23:07:13 theranch sshguard[803]: 186.125.190.156: should already have been blocked
----------------

Here is what I could grep out of the auth.logs that were saved:
http://pastebin.com/yhcHCV4r

Here are the 186.125ers in the ipfw table:

# ipfw table 22 list | grep "186.125*"
186.125.190.156/32 0

So yeah, it is blocked, but then why the message?

Just for yucks:
# ipfw table 22 list| wc -l
    2050

[SSHGuard-users] "should have already been blocked"

Intelligently block brute-force attacks by aggregating system logs

[SSHGuard-users] "should have already been blocked"