Menu
▾
▴
Re: [Sshguard-users] disable IPv6 support
|
From: Mij <mi...@bi...> - 2007-10-02 17:36:53
|
On 02/ott/07, at 14:00, Mr. Mystify wrote: > > hi... > > is it possible to disable IPv6 support in sshguard??? > > when securing a system disabling IPv6 is a basic method, if you don't > use it. for the current sshguard release (sshguard 1.0) I can't > find any > hints how to do this. > and my sshguard currently gives warning messages that ip6tables chains > are missing. > > of course this tables are missing, since I disabled any IPv6 support, > since I only have IPv4 addresses ;-) There is no way to disable IPv6 detection nor I plan to implement it. The errors you get occur when flushing the list of blocked addresses. As you say, ip6tables complains because the system doesn't have its tables set up. These errors should appear very unfrequently (at startup and shutdown), and you can safely ignore them. If you dislike it, you can remove ip6tables actions by hacking the source. Just edit src/fwalls/command_iptables.h locate this line #define COMMAND_FLUSH IPTABLES_PATH "/iptables -F sshguard ; " IPTABLES_PATH "/ip6tables -F sshguard" and shorten it as follows #define COMMAND_FLUSH IPTABLES_PATH "/iptables -F sshguard then reconfigure (!), recompile and reinstall. bye |
