Note: Unless otherwise specified accept the default options when asked a question during installation.

cd /usr/ports/security/denyhosts
make install clean

Add the next 2 lines to /etc/rc.conf

syslogd_flags="-c"
denyhosts_enable="YES" 

Create the file that controls the blocked IP addresses.

touch /etc/hosts.deniedssh

Create a whitelist control file. This file takes the following format: One IP address pr. line.

touch /usr/local/share/denyhosts/data/allowed-hosts

Modify /etc/hosts.allow to use hosts.deniedssh for controlling blocked IP's. Find the following line.

ALL : ALL : allow 

And add above the following.

sshd : /etc/hosts.deniedssh : deny

Adjust the configuration file for denyhosts.

vi /usr/local/etc/denyhosts.conf

Remove the # infront of the following line.

# BLOCK_SERVICE = sshd

Note: It is also possible to block more than one service if you use a syntax like below.

BLOCK_SERVICE = sshd,ftpd 

Find the lines listed below and adjust the treshold for when denyhosts kickes in.

DENY_THRESHOLD_INVALID

DENY_THRESHOLD_VALID

DENY_THRESHOLD_ROOT

DENY_THRESHOLD_RESTRICTED

Once done start denyhosts.

sh /usr/local/etc/rc.d/denyhosts start

Check denyhosts status:

/usr/local/etc/rc.d/denyhosts status

Start denyhosts:

/usr/local/etc/rc.d/denyhosts start

Stop denyhosts:

/usr/local/etc/rc.d/denyhosts stop

Restart denyhosts:

/usr/local/etc/rc.d/denyhosts restart