sshguard on FreeBSD

Here’s what you need to do (FreeBSD 10.1):

cd /usr/ports/security/sshguard && make install

insert into pf.conf, modifying for the correct interface name:

table <sshguard> persist

block in quick on vtnet0 proto tcp from <sshguard> to any port 22 label "ssh bruteforce"

insert into rc.conf:

pf_enable="YES"

sshguard_enable="YES"

Then:

/usr/local/etc/rc.d/sshguard start

To show the contents of the resulting pf table:

sudo pfctl -t sshguard -T show

p.s. Thanks to RS for the pointer.