Menu
▾
▴
Re: [SSHGuard-users] Issue restarting sshguard
|
From: <li...@la...> - 2017-01-20 03:11:19
|
I will upgrade to 2.0 tonight.
My question was more like why do MY ipfw tables get flushed upon booting while table 22 doesn't.
A different question and not exactly on sshguard target. ;-)
Original Message
From: Kevin Zheng
Sent: Thursday, January 19, 2017 6:10 PM
To: ssh...@li...
Subject: Re: [SSHGuard-users] Issue restarting sshguard
On 01/18/17 15:27, Burton Strauss wrote:
> fw_flush is in finisher() which is called at the end of the program via atexit().
>
> IF it is called,
>
> static void finishup(void) {
> sshguard_log(LOG_INFO, "Exiting on %s",
> exit_sig == SIGHUP ? "SIGHUP" : "signal");
>
> if (fw_flush() != FWALL_OK) {
> sshguard_log(LOG_ERR, "fw: failed to flush blocked addresses");
> }
>
> So you would see the log message and then if the flush failed the 2nd
> message. I'm not seeing it. Next step would be to instrument the
> called code and log the call to the script and the chain at the end.
Here's my guess without looking at history and code:
If I remember correctly on 1.7.1 fw_flush() always returns FWALL_OK.
fw_flush() sends "flush" over a pipe to sshg-fw.
If the pipe gets broken first, then flush will never happen.
2.0 fixes this by issuing "flushonexit" to sshg-fw, so that whenever
sshg-fw exits flush is issued no matter if the pipe goes down first.
Fix is to upgrade to 2.0 or backport this.
Best,
Kevin
--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
sshguard-users mailing list
ssh...@li...
https://lists.sourceforge.net/lists/listinfo/sshguard-users
|
