It seems that SSHGuard does not work with Firewalld.

Issue #144 open
ri cha created an issue

The SSHGuard version is 2.4.2.

I followed ArchWiki's guidelines, but only got bug reports.

Some users in the ArchLinux community seem to have encountered the same failure.

https://bbs.archlinux.org/viewtopic.php?id=267610

Comments (5)

  1. Kevin Zheng
    • changed status to open

    Do the instructions in the last forum post solve the issue for you?

    Manually add the ipsets to /usr/lib/sshguard/sshg-fw-firewalld:

    firewall-cmd --permanent --new-ipset="sshguard4" --type="hash:net" --option="family=inet"
    firewall-cmd --permanent --new-ipset="sshguard6" --type="hash:net" --option="family=inet6"
    
  2. ri cha reporter

    It seems that the ArchWiki tutorial is too old; it seems that one only needs to modify BACKEND to make SSHGuard and firewalld work together.

  3. Kevin Zheng

    That seems to be what’s going on. Unfortunately, I don’t have a Linux machine with firewalld on which I can test my changes.

    Would you mind putting together a patch against sshg-fw-firewalld that works for you, that I can review and commit?

    Do you also happen to know if the new syntax is backwards compatible with older versions of firewalld?

  4. ri cha reporter

    It seems that firewalld has indeed changed some commands, and some distributions do use the old firewalld. Because I use a rolling distribution, I am not particularly clear about how the old firewalld is used, and I started using sshguard in the past week, so it might be better to ask the developers of firewalld directly.
