OS: Tested on Fedora 28/Archlinux with firewalld v5.5.x/v6.x.x
Version: sshguard 2.2.0
Backend: sshg-fw-firewalld
The fw_init() function causes an error in firewalld when adding the sshguard4/6 ipsets and a warning when adding the rich rules anytime sshguard is started after the first run, due to the ipsets/rules being persistent between restarts:
firewalld: ERROR: NAME_CONFLICT: new_ipset(): 'sshguard6'
firewalld: WARNING: ALREADY_ENABLED: rule family=ipv6 source ipset=sshguard6 drop
firewalld: ERROR: NAME_CONFLICT: new_ipset(): 'sshguard4'
firewalld: WARNING: ALREADY_ENABLED: rule family=ipv4 source ipset=sshguard4 drop
This does not affect functionality; it just causes the above errors to be logged by firewalld, which is annoying when monitoring logs.
Steps to reproduce:
1. Run sshguard with the firewalld-backend.
2. Stop and restart sshguard.
3. Check the logs for firewalld-errors.
I've attached a patch to sshg-fw-firewalld.sh that fixes this by first checking whether the filtering rule exists before creating the rule & ipset.
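
One way to make the setup idempotent, as an added example that is neither the attached patch nor sshguard's own code. It assumes the backend uses firewall-cmd --permanent; the FW_CMD override, the helper names and the hash:ip set type are hypothetical, and the rich rules are the ones from the log above.

```sh
#!/bin/sh
# Added example (not the attached patch): idempotent firewalld setup for sshguard.
# FW_CMD is a hypothetical override hook so the logic can be exercised without firewalld.
FW_CMD="${FW_CMD:-firewall-cmd}"

# Succeeds if the permanent configuration already defines ipset $1.
ipset_exists() {
    for _name in $($FW_CMD --permanent --get-ipsets); do
        if [ "$_name" = "$1" ]; then return 0; fi
    done
    return 1
}

# Ensure ipset $1 (family $2: inet|inet6) and its drop rule (family $3: ipv4|ipv6).
# Sets FW_CHANGED=1 when something had to be created.
ensure_family() {
    _rule="rule family=$3 source ipset=$1 drop"
    if ! ipset_exists "$1"; then
        # hash:ip is an assumption; keep whatever type the backend already uses.
        $FW_CMD --quiet --permanent --new-ipset="$1" --type=hash:ip \
            --option="family=$2" || return 1
        FW_CHANGED=1
    fi
    # Checked separately from the ipset so a half-finished earlier run is repaired.
    if ! $FW_CMD --quiet --permanent --query-rich-rule="$_rule"; then
        $FW_CMD --quiet --permanent --add-rich-rule="$_rule" || return 1
        FW_CHANGED=1
    fi
}

fw_init() {
    FW_CHANGED=0
    ensure_family sshguard6 inet6 ipv6 || return 1
    ensure_family sshguard4 inet ipv4 || return 1
    # Reload only when the permanent configuration actually changed.
    if [ "$FW_CHANGED" -eq 1 ]; then $FW_CMD --quiet --reload; fi
}
```

On a restart with the ipsets and rules already in place, this issues only query calls, so firewalld has no NAME_CONFLICT or ALREADY_ENABLED event to log.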