From: Injo <sou...@pr...> - 2017-08-02 07:54:09
Hey guys,

First message to the mailing list ;). I've successfully set up sshguard 2.0 on Arch Linux. I had firewalld running and was manually blocking IPs I found repeatedly trying to get into ssh. This list had around 1000 IPs in it. As you might imagine, I was getting really tired of the manual maintenance.

When I was looking into sshguard, the documents page made no mention of firewalld support, so I uninstalled it and cleared my iptables setup to let sshguard handle it. Just now, I read there is firewalld support in version 2.0, so my question is, can I switch back to firewalld? How do I need to set up sshguard.conf to use firewalld instead?

Another thing I don't quite get is when I see sshguard blocking someone, I see this line:

> Aug 02 09:11:38 hostname sshguard[848]: Blocking "84.137.66.201" for 960 secs (3 attacks in 140 secs, after 4 abuses over 1624 secs.).

I also see a corresponding line with iptables --list, but I don't see this being saved to the /etc/iptables/iptables.rules file. How is sshguard saving its blocks? When I reboot the server or restart services, it won't retain whatever sshguard has blocked so far, so how does this work?

Last but not least, I see some sshguard blocks being resolved to hostnames in iptables --list. How can I prevent it from doing that? I want it to block IPs, because there are dynamic DNS entries in there and others are just DSL/home internet lines that constantly change anyway. Besides that, it also takes time to try and do reverse lookups all the time, especially if they can't be resolved and wait for timeouts, so I'd rather have sshguard just use IP addresses.

Thanks for this tool! Hopefully someone can help me here.

Regards,
Ingmar.