I downloaded the 1.4rc4, compiled it with the IPFW option and set the rule
range to 11000-11999, then ran make and make install with no problems.
I used the tail | sshguard method and tested with an invalid username and
garbage password. Sure enough, sshguard generated an IPFW rule blocking the
computer I was coming from (192.168.0.198).
services:~ me: sudo ipfw list
Password:
01000 allow ip from any to any via lo0
01010 deny ip from any to 127.0.0.0/8
01020 deny ip from 224.0.0.0/4 to any in
01030 deny tcp from any to 224.0.0.0/4 in
11136 deny ip from 192.168.0.198 to me
12300 allow tcp from any to any established
12301 allow tcp from any to any out
12302 allow tcp from any to any dst-port 22
12302 allow udp from any to any dst-port 22
12303 allow udp from any to any out keep-state
12304 allow tcp from any to any dst-port 53 out keep-state
12304 allow udp from any to any dst-port 53 out keep-state
12305 allow udp from any to any in frag
12306 allow tcp from any to any dst-port 311
12307 allow tcp from any to any dst-port 625
12308 allow udp from any to any dst-port 626
12309 allow icmp from any to any icmptypes 8
12310 allow icmp from any to any icmptypes 0
12311 allow igmp from any to any
65534 deny ip from any to any
65535 allow ip from any to any
But oddly, the firewall is not blocking access from that computer (I can
pull up the web page hosted by the server, continue to ssh, etc.).
I'm suspecting the "me" token is being misinterpreted by the version of IPFW
running here.
Can anyone else share their experiences with sshguard on OS X Server?
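One way to narrow down a case like the one above is to reason about the listing itself before touching the live box: IPFW evaluates rules in number order and acts on the first match, so a deny rule only works if no earlier allow rule catches the same packet, and it only works if "me" actually expands to the address the client is talking to. The script below is an added example (not part of the post and not sshguard's or IPFW's own code): it parses the `ipfw list` output quoted above with a simplified rule grammar (first-match only, no dynamic state), evaluates a fresh inbound SSH SYN and an HTTP request from 192.168.0.198, and reports which rule wins. The server's own address is not shown in the post, so 192.168.0.10 is an assumed value standing in for whatever "me" resolves to; passing an empty set for it models "me" matching nothing.

```python
import ipaddress

# Listing copied from the post's `ipfw list` output. The address that "me"
# expands to is not shown in the post, so ASSUMED_LOCAL_ADDRS is constructed.
IPFW_LIST = """\
01000 allow ip from any to any via lo0
01010 deny ip from any to 127.0.0.0/8
01020 deny ip from 224.0.0.0/4 to any in
01030 deny tcp from any to 224.0.0.0/4 in
11136 deny ip from 192.168.0.198 to me
12300 allow tcp from any to any established
12301 allow tcp from any to any out
12302 allow tcp from any to any dst-port 22
12302 allow udp from any to any dst-port 22
12303 allow udp from any to any out keep-state
12304 allow tcp from any to any dst-port 53 out keep-state
12304 allow udp from any to any dst-port 53 out keep-state
12305 allow udp from any to any in frag
12306 allow tcp from any to any dst-port 311
12307 allow tcp from any to any dst-port 625
12308 allow udp from any to any dst-port 626
12309 allow icmp from any to any icmptypes 8
12310 allow icmp from any to any icmptypes 0
12311 allow igmp from any to any
65534 deny ip from any to any
65535 allow ip from any to any
"""
ASSUMED_LOCAL_ADDRS = {"192.168.0.10"}  # hypothetical server address for "me"


def parse_rule(line):
    """Parse one `ipfw list` line into a dict (simplified grammar)."""
    toks = line.split()
    if len(toks) < 7 or toks[3] != "from" or toks[5] != "to":
        raise ValueError("unsupported rule syntax: " + line)
    rule = {"num": int(toks[0]), "action": toks[1], "proto": toks[2],
            "src": toks[4], "dst": toks[6], "opts": {}}
    rest, i = toks[7:], 0
    while i < len(rest):
        if rest[i] in ("dst-port", "via", "icmptypes"):  # options with an argument
            rule["opts"][rest[i]] = rest[i + 1]
            i += 2
        else:                                            # flag-style options
            rule["opts"][rest[i]] = True
            i += 1
    return rule


def parse_list(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip()]


def addr_matches(spec, addr, local_addrs):
    if spec == "any":
        return True
    if spec == "me":  # "me" = any address configured on the host
        return addr in local_addrs
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def rule_matches(rule, pkt, local_addrs):
    """Does this rule match the packet? pkt is a dict describing one packet."""
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False
    if not addr_matches(rule["src"], pkt["src"], local_addrs):
        return False
    if not addr_matches(rule["dst"], pkt["dst"], local_addrs):
        return False
    o = rule["opts"]
    if "in" in o and pkt["dir"] != "in":
        return False
    if "out" in o and pkt["dir"] != "out":
        return False
    if "via" in o and pkt.get("iface") != o["via"]:
        return False
    if "dst-port" in o and pkt.get("dport") != int(o["dst-port"]):
        return False
    if "established" in o and not pkt.get("established", False):
        return False
    if "frag" in o and not pkt.get("frag", False):
        return False
    if "icmptypes" in o and str(pkt.get("icmptype")) != o["icmptypes"]:
        return False
    return True


def first_match(rules, pkt, local_addrs):
    """IPFW semantics: the first matching rule decides the packet's fate."""
    for rule in rules:
        if rule_matches(rule, pkt, local_addrs):
            return rule
    return None


def shadowing_allow(rules, deny_num, pkt, local_addrs):
    """Return the earlier allow rule that would beat deny rule deny_num, if any."""
    for rule in rules:
        if rule["num"] >= deny_num:
            return None
        if rule["action"] == "allow" and rule_matches(rule, pkt, local_addrs):
            return rule
    return None


if __name__ == "__main__":
    rules = parse_list(IPFW_LIST)
    ssh_syn = {"proto": "tcp", "src": "192.168.0.198", "dst": "192.168.0.10",
               "dport": 22, "dir": "in"}
    for local in (ASSUMED_LOCAL_ADDRS, set()):
        hit = first_match(rules, ssh_syn, local)
        print("me=%s -> rule %05d %s" % (sorted(local), hit["num"], hit["action"]))
```

With "me" resolving to the server's address, the inbound SSH SYN hits rule 11136 and is denied, and no earlier allow rule shadows it, so rule ordering alone does not explain the behaviour in the post. With "me" matching nothing, the same packet falls through to 12302 (SSH allowed) and an HTTP request to 65534, which is why the expansion of "me" on the system under test is the first thing worth confirming, for instance by temporarily replacing it with the host's literal address.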