Let's fix my question now:
1, Installed sshguard: security/sshguard-ipfilter
2, uncommented in /etc/syslog.conf:
3, config syslogd and ipfilter in /etc/rc.conf:
4, config ipfilter with sshguard in /etc/ipf.rules then restart ipfilter "/etc/rc.d/ipfilter restart"
sshguard will insert block ip rule to "begin ... end"
your pass rule must after ##sshguard-end## rule.
Now if user input a error password, his IP may be auto be refused by sshguard and ipfilter.
Why say "may be", because sshguard will automatically determin whether the illegal entry of your.
Please be careful if you enter the correct password.
1, Installed sshguard: security/sshguard-ipfilter
2, uncommented in /etc/syslog.conf:
Code:
auth.info;authpriv.info |exec /usr/local/sbin/sshguard
3, config syslogd and ipfilter in /etc/rc.conf:
Code:
syslogd_enable="YES"
syslogd_flags="-ss" # local log
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
4, config ipfilter with sshguard in /etc/ipf.rules then restart ipfilter "/etc/rc.d/ipfilter restart"
Code:
##sshguard-begin##
##sshguard-end##
your pass rule must after ##sshguard-end## rule.
Now if user input a error password, his IP may be auto be refused by sshguard and ipfilter.
Why say "may be", because sshguard will automatically determin whether the illegal entry of your.
Please be careful if you enter the correct password.