# SSHGUARD setup with IPFW



## alelab (Sep 25, 2015)

Hi,

I installed and configured IPFW on my box. I installed security/sshguard-ipfw to block unwanted SSH connections.

I search and read a lot of thing on Internet, but I did not found reply to the following question : the line sshguard_enable="YES" in /etc/rc.conf is requested or not with this port?
Without this line in /etc/rc.conf, IP addresses seem to be blocked as expected:

```
Sep 25 18:39:27 BoxName sshguard[7243]: Blocking 62.212.230.2:4 for >945secs: 40 danger in 4 attacks over 514 seconds (all: 80d in 2 abuses over 2059s).
```
With the command `$ sudo ipfw list` I can see the blocked IP adresse in the deny list

```
55031 deny ip from 62.212.230.2 to me
```
I assume the line sshguard_enable="YES" is requested only if I install the port security/sshguard. Am I right?

About the blocking rules reservation in IPFW (from rule 55000 to 55050), anyone experienced yet full use of these rules? I mean fifteen addresses are blocked together and how SSHGUARD works in this case for the newest one?

Thank you in advance.


----------

