This is the standard way for sshguard to protect ssh connections, including all else, but I think it's only designed to work for black/white listing ...
block in quick on $ext_if from <sshguard> label "ssh bruteforce"
What is the difference between these two rules below? How do they work? I’m guessing that the one with inet is used to protect a server and the one without is more suited for a desktop or workstation. Both are doing logging, but one has also added a way to do blacklisting. If so, I wonder if they can be combined as explained below in the block drop method. My main concern is which is best, and why.
What would happen if I add the "ssh bruteforce" part to the one with the inet type rule, or is it even possible? If this sequence does work, what would it be doing?
If it doesn’t work, how should it be written?
Code:
block in log quick on $ext_if from <sshguard> label "ssh bruteforce"
...
block drop in log quick on $ext_if inet from <sshguard> to any
Code:
block drop in log quick on $ext_if inet from <sshguard> label "ssh bruteforce"