Show addresses blocked by sshguard

[max21]

This will show ALL the addresses blocked by sshguard to iptables. ..

iptables -nvL sshguard

Is there an equivalent command or script that could do the same for Packet Filter?

 

[scrappywan]

# pfctl -t sshguard -T show

You can also delete an IP address from the list using # pfctl -t sshguard -T delete <ip address>.

 

[max21]

# pfctl -t sshguard -T show

You can also delete an IP address from the list using # pfctl -t sshguard -T delete <ip address>.

I guest I’m out of luck for a while, All I get is a empty prompt. Every now and then, like weeks apart I catch the sshguard is flushing blocked addresses message at reboot time. I reboot 20 – 30 times per day testing all kind of stuff pf and desktop-wise so that could be why the kiddy has to set-up to re-find me each and every time. .. ha ha.

I’m going to somehow include that command in my reboot script, copy the message (or whatever it is) to a file then let sshguard destroy it without previous warning - - as usual. FreeBSD saves logs for reasons, why not he. It got to be something I’m not doing either. But still - my PF rules with sshguard must have been doing a darn good job – this is going to prove it. I’m glad someone keeps trying to hack me, otherwise I would never know what to do when the real tough get going. Thanks a ton scrappywan, you already know it’s the icing on the cake!

 

[SirDice]

I ran into this too. Was wondering why sshguard looked like it was blocking but the table stayed empty. There's been a change recently in the port. You need to specifically enable PF in the configuration file.

#### REQUIRED CONFIGURATION ####
# Full path to backend executable (required, no default)
BACKEND="/usr/local/libexec/sshg-fw-pf"
#BACKEND="/usr/local/libexec/sshg-fw-ipfw"
#BACKEND="/usr/local/libexec/sshg-fw-pf"

All backends are disabled by default making sshguard a no-op.