Fix bashisms in iptables backend

Create issue
Issue #32 resolved
Former user created an issue

Hello,

After compile sshguard v.1.6.3 in GNU Debian unstable.

sudo /usr/sbin/sshguard -l /var/log/auth.log sh: 1: [: x: unexpected operator Chain INPUT (policy ACCEPT) target prot opt source destination
sshguard all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT) target prot opt source destination

Chain OUTPUT (policy ACCEPT) target prot opt source destination

Chain sshguard (1 references) target prot opt source destination
sh: 1: [: 0: unexpected operator

Here Ctrl + C ^Csh: 1: [: x: unexpected operator sh: 1: [: 0: unexpected operator sh: 1: [: x6: unexpected operator sh: 1: [: 0: unexpected operator

It shows several unexpected operators.

That it doesn't happen with v1.6.0 sudo /usr/sbin/sshguard -l /var/log/auth.log Chain INPUT (policy ACCEPT) target prot opt source destination
sshguard all -- 0.0.0.0/0 0.0.0.0/0
sshguard all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT) target prot opt source destination

Chain OUTPUT (policy ACCEPT) target prot opt source destination

Chain sshguard (2 references) target prot opt source destination

Kind regards,

Julián Moreno Patiño

Comments (8)

  1. Kevin Zheng

    I'd have to do some digging, but if I remember correctly the major change was to make some arguments passed to iptables backward-compatible. I wonder if that change introduced some bashisms? What shell is Debian's /bin/sh?

  2. Julián Moreno Patiño

    Hello Kevin,

    In Debian /bin/sh is a symbolic link to /bin/dash

    dash is the default shell in Debian.

  3. Julián Moreno Patiño

    Hello Kevin,

    Checking the code I see this:

    src/fwalls/command_iptables.h

    #define IPTBLCMD "TBL=iptables; if [ x$SSHG_ADDRKIND == x6 ]; then TBL=ip6tables; fi; iptblscmd() { " IPTABLES_PATH "/$TBL -w $@; r=$?; if [ $r == 2 ]; then exec " IPTABLES_PATH "/$TBL $@; fi; exit $r; }; iptblscmd "

    The line above is a pure bash script ? if yes, there are some errors. I believe that '==' operator, it doesn't exists.

    To do comparison please check: man test

    http://linux.die.net/man/1/test

    There are useful examples there.

    I'll be attentive to any doubt

  4. Kevin Zheng

    The patch looks correct, although since I don't have iptables it's hard for me to test. Does the patch fix your issue?

  5. Log in to comment