Re: [SSHGuard-users] "should have already been blocked"

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

> Cliff notes version:
> -----------------
> auth.log.2.bz2:Nov 19 23:07:13 theranch sshguard[803]: blacklist: added 186.125.190.156
> auth.log.2.bz2:Nov 19 23:07:13 theranch sshguard[803]: 186.125.190.156: blocking forever (3 attacks in 2 secs, after 1 abuses over 2 secs)
> auth.log.2.bz2:Nov 19 23:07:13 theranch sshguard[803]: 186.125.190.156: should already have been blocked
> ----------------

Have you run 
  ipfw "add 55000 deny ip from table(22) to me”
It should be in your startup scripts someplace. Without it SSHGuard works, but the collected IPs aren’t used anywhere.

This baffled me first when I started using SSHGuard. The FreeBSD port doesn’t add that automatically, because it doesn’t want to mess your firewall setup. The rule number depends on your existing rules. 

-- 
Cheers
Petri
GSM +358 400 505 939

Re: [SSHGuard-users] "should have already been blocked"

Intelligently block brute-force attacks by aggregating system logs

Re: [SSHGuard-users] "should have already been blocked"