# how to config sshguard with ipfilter



## rill (Oct 19, 2010)

Let's fix my question now:

1, Installed sshguard: security/sshguard-ipfilter

2, uncommented in /etc/syslog.conf:

```
auth.info;authpriv.info     |exec /usr/local/sbin/sshguard
```

3, config syslogd and ipfilter in /etc/rc.conf:

```
syslogd_enable="YES"
syslogd_flags="-ss" # local log

ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
```

4, config ipfilter with sshguard in /etc/ipf.rules then restart ipfilter "/etc/rc.d/ipfilter restart"

```
##sshguard-begin##

##sshguard-end##
```
sshguard will insert block ip rule to "begin ... end"
your pass rule must after ##sshguard-end## rule.

Now if user input a error password, his IP may be auto be refused by sshguard and ipfilter.
Why say "may be", because sshguard will automatically determin whether the illegal entry of your.

Please be careful if you enter the correct password.


----------



## SirDice (Oct 19, 2010)

rill said:
			
		

> when I execute sshguard meet the follow error, dmesg -a:


You don't need to execute sshguard. It gets executed when certain syslog messages arrive. That's why you edit syslog.conf.


----------



## rill (Oct 19, 2010)

Where to insert following:
http://www.sshguard.net/docs/setup/firewall/ipfilter/

```
##sshguard-begin##
##sshguard-end##
```

Put it in /etc/ipf.rules?


----------

