# Show addresses blocked by sshguard



## max21 (Sep 18, 2017)

This will show ALL the addresses blocked by sshguard to iptables. ..

```
iptables -nvL sshguard
```
Is there an equivalent command or script that could do the same for Packet Filter?


----------



## scrappywan (Sep 18, 2017)

`# pfctl -t sshguard -T show`

You can also delete an IP address from the list using `# pfctl -t sshguard -T delete <ip address>`.


----------



## max21 (Sep 19, 2017)

scrappywan said:


> `# pfctl -t sshguard -T show`
> 
> You can also delete an IP address from the list using `# pfctl -t sshguard -T delete <ip address>`.


I guest I’m out of luck for a while, All I get is a empty prompt.  Every now and then, like weeks apart I catch the sshguard is flushing blocked addresses message at reboot time.  I reboot 20 – 30 times per day testing all kind of stuff pf and desktop-wise so that could be why the kiddy has to set-up to re-find me each and every time. .. ha ha. 

I’m going to somehow include that command in my reboot script, copy the message (or whatever it is) to a file then let sshguard destroy it without previous warning - - as usual.  FreeBSD saves logs for reasons, why not he.  It got to be something I’m not doing either.  But still - my PF rules with sshguard must have been doing a darn good job – this is going to prove it.  I’m glad someone keeps trying to hack me, otherwise I would never know what to do when the real tough get going.  Thanks a ton scrappywan, you already know it’s the icing on the cake!


----------



## SirDice (Sep 19, 2017)

I ran into this too. Was wondering why sshguard looked like it was blocking but the table stayed empty. There's been a change recently in the port. You need to specifically enable PF in the configuration file. 


```
#### REQUIRED CONFIGURATION ####
# Full path to backend executable (required, no default)
BACKEND="/usr/local/libexec/sshg-fw-pf"
#BACKEND="/usr/local/libexec/sshg-fw-ipfw"
#BACKEND="/usr/local/libexec/sshg-fw-pf"
```
All backends are disabled by default making sshguard a no-op.


----------

