It seems that SSHGuard does not work with Firewalld.

Create issue
Issue #144 open
ri cha created an issue

The SSHGuard version is 2.4.2.

I followed Archwiki's guidelines, but only got bug reports.

Some users in the ArchLinux community seem to have encountered the same failure.

https://bbs.archlinux.org/viewtopic.php?id=267610

Comments (5)

  1. Kevin Zheng
    • changed status to open

    Do the instructions in the last forum post solve the issue for you?

    Manually add the ipsets to /usr/lib/sshguard/sshg-fw-firewalld:

    firewall-cmd --permanent --new-ipset="sshguard4" --type="hash:net" --option="family=inet"
    firewall-cmd --permanent --new-ipset="sshguard6" --type="hash:net" --option="family=inet6"
    
  2. ri cha reporter

    It seems that the Archwiki tutorial is too old, it seems that only need to modify BACKEND to make SSHGuard and firewalld work together.

  3. Kevin Zheng

    That seems to be what’s going on. Unfortunately, I don’t have a Linux machine with firewalld on which I can test my changes.

    Would you mind putting together a patch against sshg-fw-firewalld that works for you, that I can review and commit?

    Do you also happen to know if the new syntax is backwards compatible with older versions of firewalld?

  4. ri cha reporter

    It seems that firewalld has indeed changed some commands, and some distributions do use the old firewalld. Because I use a rolling distribution, I am not particularly clear about how the old firewalld is used, and I started using sshguard in the past week, so It might be better to ask the developers of firewalld directly.

  5. Log in to comment