Menu
▾
▴
Re: [SSHGuard-users] Call for testing: SSHGuard 1.7.0
|
From: Georg L. <jor...@ma...> - 2016-07-29 03:32:47
|
On 28/07/16 19:08, Kevin Zheng wrote: > On 07/28/2016 10:27, Georg Lehner wrote: >> - The sshg-fw script stops with syntax error, a patch with some >> improvements (hopefully) is attached. > > Thanks for the patch. Just to make sure, what does 'iptables -w -v' do? > I can't seem to tell from the man page [1] what the default action is. > > [1] http://linuxmanpages.net/manpages/fedora21/man8/iptables.8.html > Hello Kevin, It should be `-V` (--version), instead of `-v`. I'm sure you remember, that I have a system with an old `iptables` which does not understand the `-w` switch. Since I have a system with a new `iptables`too, I was able to find a way, to detect non-intrusively if `-w` is supported. `iptables -w -V` will exit with an error and a message on stderr if it is an old `iptables`. If it is a new `iptables` it will show its version on stdout and exit with success. I proposed: `if $cmd -w -v 2>/dev/null; then ...` in my patch, however it better be: `if $cmd -w -V 2>&1 >/dev/null; then ...` to suppress the version string too. Best Regards, Georg Lehner |
