What’s new in SSHGuard 2.0

Jonathan Mathews

SSHGuard is an intrusion prevention utility that parses logs and automatically blocks misbehaving IP addresses with the system firewall. It’s less configurable than the better-known Fail2Ban but has a smaller resource footprint and ships with full IPv6 support. The newly released SSHGuard version 2.0 has been made easier to configure for new users. It also gained support for the FirewallD, ipset, and ipfilter firewall backends on Linux, as well as Capsicum sandboxing support on *BSD.

While we’re still waiting for the next release of Fail2Ban with IPv6 support, I took a look around at some of the alternatives and found an interesting option in SSHGuard. I had to address some Linux compatibility issues when getting started with SSHGuard as the development team was mostly focused on FreeBSD. I submitted patches for those issues and got more involved in the development and release of SSHGuard 2.0 in the process.

New in SSHGuard 2 is that all configuration should be done in a new configuration file rather than by modifying the init script or adjusting runtime flags. The new LOGREADER option makes it easier to configure log reading from the systemd journal on Linux and the os_log on macOS.