I am running SSHGuard 2.2.0 on FreeBSD 11.2. It successfully captures SSH and SMTPauth failures, creating temporary blocks which appear in IPFW table 22.
I have enabled /var/db/sshguard/blacklist.db and by the time it is growing (currently about 1000 records). I can view it via cat. But IPs in the blacklist are not in table 22 - currently the table is empty.
I am pretty sure SSHguard only add its records into defined table, and has no direct access to the firewall itself. So how could be blacklisted IPs disabled permanently, if they are not in the table 22?
What is wrong? Please advise.
Many thanks in advance. Have a nice day :-)