diff -Naur sshguard_MASTER/src/blocker/attack.c sshguard/src/blocker/attack.c
--- sshguard_MASTER/src/blocker/attack.c 2019-01-20 21:56:04.055508560 +0100
+++ sshguard/src/blocker/attack.c 2019-01-20 22:40:58.716095771 +0100
@@ -22,10 +22,10 @@
 }
 int attack_addr_seeker(const void *el, const void *key) {
- const sshg_address_t *adr = (const sshg_address_t *)key;
+ const attack_t *akey = (const attack_t *)key;
 const attacker_t *atk = (const attacker_t *)el;
- assert(atk != NULL && adr != NULL);
- if (atk->attack.address.kind != adr->kind) return 0;
- return (strcmp(atk->attack.address.value, adr->value) == 0);
+ assert(atk != NULL && akey != NULL);
+ if (atk->attack.address.kind != akey->address.kind) return 0;
+ return (strcmp(atk->attack.address.value, akey->address.value) == 0 && akey->service == atk->attack.service);
 }
diff -Naur sshguard_MASTER/src/blocker/blocker.c sshguard/src/blocker/blocker.c
--- sshguard_MASTER/src/blocker/blocker.c 2019-01-20 21:56:04.055508560 +0100
+++ sshguard/src/blocker/blocker.c 2019-01-20 22:40:58.832096530 +0100
@@ -183,9 +183,9 @@
 abort();
 }
 }
- sshguard_log(LOG_WARNING, "Blocking \"%s/%u\" %s (%u attacks in %lld "
+ sshguard_log(LOG_WARNING, "Blocking \"%s/%u\" on service %d %s (%u attacks in %lld "
 "secs, after %d abuses over %lld secs.)",
- tmpent->attack.address.value, subnet_size, time_msg, tmpent->numhits,
+ tmpent->attack.address.value, subnet_size, tmpent->attack.service, time_msg, tmpent->numhits,
 (long long)(tmpent->whenlast - tmpent->whenfirst), offenderent->numhits, (long long)(offenderent->whenlast - offenderent->whenfirst));
@@ -211,8 +211,8 @@
 /* address already blocked? (can happen for 100 reasons) */
 if (blocklist_contains(attack)) {
- sshguard_log(LOG_INFO, "%s has already been blocked.",
- attack.address.value);
+ sshguard_log(LOG_INFO, "%s has already been blocked for service %d.",
+ attack.address.value, attack.service);
 return;
 }
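Review bot: The `key` parameter of `attack_addr_seeker` stays `const void *` while the body now reads it as an `attack_t`, so any `list_seek` call that still passes an `sshg_address_t *` compiles without a warning and makes the seeker read `akey->service` from memory that may not belong to the object passed. This patch converts the `limbo`, `offenders`, `hell` and `blacklist` lookups; any other list that installs this seeker is not visible here and should be checked. Because the function no longer matches on the address alone, I would add a comment above it such as `/* key is an attack_t: matches address kind, address value and service */`. Scoring and recidivism are now tracked per (address, service), so a source that spreads its attempts over several services reaches the blocking threshold later than before; if that is intended it deserves a line in the commit message.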
@@ -222,13 +222,13 @@
 return;
 }
- sshguard_log(LOG_NOTICE,
+ sshguard_log(LOG_WARNING,
 "Attack from \"%s\" on service %d with danger %u.", attack.address.value, attack.service, attack.dangerousness);
 /* search entry in list */
- tmpent = list_seek(& limbo, & attack.address);
+ tmpent = list_seek(& limbo, & attack);
 if (tmpent == NULL) { /* entry not already in list, add it */
 /* otherwise: insert the new item */
 tmpent = malloc(sizeof(attacker_t));
@@ -252,11 +252,11 @@
 /* find out if this is a recidivous offender to determine the
 * duration of blocking */
 tmpent->pardontime = opts.pardon_threshold;
- offenderent = list_seek(& offenders, & attack.address);
+ offenderent = list_seek(& offenders, & attack);
 if (offenderent == NULL) {
 /* first time we block this guy */
- sshguard_log(LOG_DEBUG, "%s: first block (adding as offender.)",
- tmpent->attack.address.value);
+ sshguard_log(LOG_DEBUG, "%s: first block for service %d (adding as offender.)",
+ tmpent->attack.address.value, tmpent->attack.service);
 offenderent = (attacker_t *)malloc(sizeof(attacker_t));
 /* copy everything from tmpent */
 memcpy(offenderent, tmpent, sizeof(attacker_t));
diff -Naur sshguard_MASTER/src/blocker/blocklist.c sshguard/src/blocker/blocklist.c
--- sshguard_MASTER/src/blocker/blocklist.c 2019-01-20 21:56:04.055508560 +0100
+++ sshguard/src/blocker/blocklist.c 2019-01-20 22:40:58.948097289 +0100
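Review bot: The per-attack message in the `@@ -222,13` hunk of blocker.c moves from `LOG_NOTICE` to `LOG_WARNING`, which is unrelated to the per-service change and puts every detected attempt at the same severity as the "Blocking" message. The `@@ -57,8` hunk of blocklist.c does the same to the unblock message (`LOG_DEBUG` to `LOG_WARNING`). Syslog filters or alerting keyed on warning level would then fire on routine events, so I would keep `sshguard_log(LOG_NOTICE,` here and leave the unblock message at its previous level, or move the severity change to its own commit. The enclosing function starts and ends outside the hunk.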
@@ -29,14 +29,14 @@
 static void fw_block(const attack_t *attack) {
 unsigned int subnet_size = fw_block_subnet_size(attack->address.kind);
- printf("block %s %d %u\n", attack->address.value, attack->address.kind, subnet_size);
+ printf("block %s %d %u %d\n", attack->address.value, attack->address.kind, subnet_size, attack->service);
 fflush(stdout);
 }
 static void fw_release(const attack_t *attack) {
 unsigned int subnet_size = fw_block_subnet_size(attack->address.kind);
- printf("release %s %d %u\n", attack->address.value, attack->address.kind, subnet_size);
+ printf("release %s %d %u %d\n", attack->address.value, attack->address.kind, subnet_size, attack->service);
 fflush(stdout);
 }
@@ -57,8 +57,8 @@
 /* process hosts with finite pardon time */
 if (now - tmpel->whenlast > tmpel->pardontime) {
 /* pardon time passed, release block */
- sshguard_log(LOG_DEBUG, "%s: unblocking after %lld secs",
- tmpel->attack.address.value,
+ sshguard_log(LOG_WARNING, "Unblocking %s for service %d after %lld secs",
+ tmpel->attack.address.value, tmpel->attack.service,
 (long long)(now - tmpel->whenlast));
 fw_release(&tmpel->attack);
 list_delete_at(&hell, pos);
@@ -101,7 +101,7 @@
 bool blocklist_contains(attack_t attack) {
 attacker_t *tmpent = NULL;
 pthread_mutex_lock(&list_mutex);
- tmpent = list_seek(&hell, &attack.address);
+ tmpent = list_seek(&hell, &attack);
 pthread_mutex_unlock(&list_mutex);
 return tmpent != NULL;
 }
diff -Naur sshguard_MASTER/src/blocker/sshguard_blacklist.c sshguard/src/blocker/sshguard_blacklist.c
--- sshguard_MASTER/src/blocker/sshguard_blacklist.c 2019-01-20 21:56:04.055508560 +0100
+++ sshguard/src/blocker/sshguard_blacklist.c 2019-01-20 22:40:59.040097892 +0100
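Review bot: Nothing in this patch makes the firewall backends use the fourth field that `fw_block` and `fw_release` now print in the `@@ -29,14` hunk; sshg-fw.in only forwards `$service` to the backend functions, whose bodies are not shown. If a backend still blocks by address alone, the first `release` for one service would remove the address from the firewall while `hell` still holds an entry for the same address on another service, leaving the blocker's list and the firewall in disagreement. Either the backends become service-aware in the same change, or the release should be skipped while another entry for that address remains in `hell`. I would also document the line format next to the printf, e.g. `/* protocol: block <addr> <addrkind> <subnet> <service> */`.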
@@ -119,9 +119,9 @@
 void blacklist_add(const attacker_t *restrict newel) {
 assert(blacklist_file != NULL && blacklist != NULL);
- if (blacklist_contains(&newel->attack.address)) {
- sshguard_log(LOG_WARNING, "blacklist: %s is already blacklisted",
- newel->attack.address.value);
+ if (blacklist_contains(&newel->attack)) {
+ sshguard_log(LOG_WARNING, "blacklist: %s is already blacklisted for service %d",
+ newel->attack.address.value, newel->attack.service);
 return;
 }
@@ -139,14 +139,14 @@
 }
 }
-int blacklist_contains(const sshg_address_t *restrict addr) {
+int blacklist_contains(const attack_t *restrict attack) {
 if (blacklist == NULL) {
 // Blacklist hasn't been loaded yet.
 return -1;
 }
 list_attributes_seeker(blacklist, attack_addr_seeker);
- attacker_t *restrict el = list_seek(blacklist, addr);
+ attacker_t *restrict el = list_seek(blacklist, attack);
 return (el != NULL);
 }
diff -Naur sshguard_MASTER/src/blocker/sshguard_blacklist.h sshguard/src/blocker/sshguard_blacklist.h
--- sshguard_MASTER/src/blocker/sshguard_blacklist.h 2019-01-20 21:56:04.055508560 +0100
+++ sshguard/src/blocker/sshguard_blacklist.h 2019-01-20 22:40:59.172098756 +0100
@@ -44,4 +44,4 @@
 *
 * @return <0 if error; 1 if (addr,addrkind) present in blacklist, 0 otherwise
 */
-int blacklist_contains(const sshg_address_t *restrict addr);
+int blacklist_contains(const attack_t *restrict attack);
diff -Naur sshguard_MASTER/src/fw/sshg-fw.in sshguard/src/fw/sshg-fw.in
--- sshguard_MASTER/src/fw/sshg-fw.in 2019-01-20 21:56:04.059508605 +0100
+++ sshguard/src/fw/sshg-fw.in 2019-01-20 22:40:59.340099855 +0100
@@ -16,12 +16,12 @@
 trap cleanup EXIT INT
-while read cmd address addrtype cidr; do
+while read cmd address addrtype cidr service; do
 case $cmd in
 block)
- fw_block $address $addrtype $cidr;;
+ fw_block $address $addrtype $cidr $service;;
 release)
- fw_release $address $addrtype $cidr;;
+ fw_release $address $addrtype $cidr $service;;
 flush)
 fw_flush;;
 flushonexit)
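Review bot: The doc comment above `blacklist_contains` in sshguard_blacklist.h still describes the old contract: its `@return` line says `1 if (addr,addrkind) present in blacklist`, while the prototype now takes an `attack_t` and the seeker also compares the service. It should read something like `@return <0 if error; 1 if (address, service) present in blacklist, 0 otherwise`. The comment begins outside the hunk, so any `@param addr` line above it is not visible here and would need renaming to `attack` as well.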
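Review bot: In sshg-fw.in, `$service` is forwarded unquoted like the existing arguments, so an empty or multi-word field changes the number of positional parameters that `fw_block` and `fw_release` receive. A blocker built before this patch sends three fields, which leaves `service` empty and hands the backend three arguments instead of four. Quoting keeps the arity fixed: `fw_block "$address" "$addrtype" "$cidr" "$service";;`, and the same for `fw_release`. The `case` statement continues past the end of the hunk.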