Sshguard, PF and FreeBSD

We recently had a problem with sshguard. Some IP that were blocked were still able to send packets through because the associated states were not killed properly with pfctl -k $ip. We used an older version until then, so I just did an upgrade to the latest port.

From this point however sshguard did not block anything anymore. In fact it didn’t recognize the correct backend to use to block those IP. Not sure if we always have to specify it manually in the configuration or if there is some kind of broken-autodetect. But you can force the backend inside the configuration file in /usr/local/etc/sshguard.conf (see /usr/local/etc/sshguard.conf.sample):

BACKEND="/usr/local/libexec/sshg-fw-pf"

Leave a Reply