From: Petri R. <pet...@me...> - 2017-12-26 15:15:13
> I use sshguard 2.0.0 with FreeBSD 10.3. I noticed that ssh bruteforce attacks are not being blocked by sshguard. While I analyzed the behaviour I found out that pfctl -T show -t sshguard shows no result, but when I restart sshguard via service sshguard restart I am able to see the following output:
>
> ===>>> Initializing (null) firewall
> ===>>> Blocking 87.173.65.62 (null)
> ===>>> Blocking 37.228.134.110 (null)
> ===>>> Blocking 176.9.19.16 (null)

I am no authority on this, but are you using the correct backend? In /usr/local/etc/sshguard.conf enable the correct backend. I am using ipfw, but apparently you are using pf. The default is null, which might produce the output you are seeing - I haven’t tried it out.

The upgrade from 1.x to 2.0 wasn’t smooth. It took me a while to get things back the way they used to be. There used to be a separate port for each backend. Now there is only one port, but you must select the backend you are using.

Another detail that bit me: The /usr/local/etc/sshguard.whitelist is disabled by default in the .conf file. If you want to whitelist some addresses, enable the whitelist first. Took me a while to figure out as well.

br,
Petri
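An added example, not part of the message above and not sshguard's own code: a small shell check for the two configuration pitfalls the reply describes, the null backend left active and the whitelist left commented out. The `BACKEND` and `WHITELIST_FILE` key names and the `/usr/local/libexec/sshg-fw-*` paths are assumptions based on the sshguard 2.x FreeBSD port layout, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit an sshguard.conf for an inactive backend or whitelist.
# Assumed: sh-style KEY=value lines, keys BACKEND and WHITELIST_FILE.

# Print the active (uncommented) value of KEY in FILE; last assignment wins.
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d '"'
}

# Report both settings; the return status is the number of problems found.
audit_sshguard_conf() {
    conf=$1
    problems=0
    backend=$(conf_value BACKEND "$conf")
    case $backend in
        '')
            echo "BACKEND: not set, no firewall backend selected"
            problems=$((problems + 1)) ;;
        *sshg-fw-null)
            echo "BACKEND: null backend, blocks are only printed, not enforced"
            problems=$((problems + 1)) ;;
        *)
            echo "BACKEND: $backend" ;;
    esac
    whitelist=$(conf_value WHITELIST_FILE "$conf")
    if [ -z "$whitelist" ]; then
        echo "WHITELIST_FILE: not set (commented out or missing), whitelist is not read"
        problems=$((problems + 1))
    else
        echo "WHITELIST_FILE: $whitelist"
    fi
    return "$problems"
}

# Constructed sample config reproducing the situation in the thread.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#BACKEND="/usr/local/libexec/sshg-fw-pf"
BACKEND="/usr/local/libexec/sshg-fw-null"
#WHITELIST_FILE=/usr/local/etc/sshguard.whitelist
EOF

audit_sshguard_conf "$sample" || echo "$? problem(s) found"
```

On a real host, call `audit_sshguard_conf /usr/local/etc/sshguard.conf` and then confirm with `pfctl -T show -t sshguard` that blocked addresses actually land in the table.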