Ok, I have posted this over at R-fx Networks, but I have not received a reply yet. I hope that someone here will have some insight into how I can fix this... I am having problems with BFD. I just installed the latest version of APF and BFD but now BFD will not add attackers to the block list. I have looked at the sshd rules file and it is looking in the /var/log/messages log for sshd but when I run "grep sshd /var/log/messages" I return nothing. However when I "grep sshd /var/log/secure" I return several results that include the attacks. My bfd_log file is empty. BFD is running in the cron every 10 minutes. How can I fix this so it will block attackers again? Should the sshd rule be looking at the messages log or the secure log? Also should: Code: # Do kernel logging USE_KLOG="1" be set to 1 or 0?