On Sun, Mar 13, 2016, at 07:36, Petri Riihikallio wrote:
> Hello
>
> After upgrading my ports I noticed the rule "deny ip from table(22) to
> me" wasn’t being applied after a reboot. In 1.6.2 it was, if I recall
> correctly. When SSHGuard IPFW support was rewritten I had the table rule
> in my local config. Then it appeared in the port so I removed mine. I
> guess the current situation is an oversight. Just for you to know.
>

I'm not aware of sshguard automatically adding the "deny ip from table(22) to me" rule to ipfw. This would be a very difficult thing to do reliably as a complex firewall ruleset may need this deny rule somewhere different than the very first rule. I certainly don't have it as the first rule for my firewall.

--
Mark Felder
ports-secteam member
f...@freebsd.org