Re: [SSHGuard-users] Error message in log: xtables

[<li...@la...>]

On Mon, 8 Jan 2018 12:43:49 +0800
Kevin Zheng <kev...@gm...> wrote:

> On 01/08/2018 11:47, li...@la... wrote:
> > From centos 7 boot in the messages log. Is this a problem?
> > 
> > Jan  7 05:11:48  systemd: Starting LSB: Bring up/down networking...
> > Jan  7 05:11:48  systemd: Starting SSHGuard - blocks brute-force
> > login attempts... Jan  7 05:11:48  iptables: Another app is
> > currently holding the xtables lock. Perhaps you want to use the -w
> > option? Jan  7 05:11:48  systemd: Started SSHGuard - blocks
> > brute-force login attempts.  
> 
> Perhaps. I remember something similar being reported before.
> 
> What version of SSHGuard, Linux kernel, distribution, and iptables are
> you using?
> 

I'm running firewalld. I'm very much a novice on firewalld, but I
understand it can be augnmented with iptables, but it isn't a
requirement.

Centos
uname -a
Linux  3.10.0-693.11.1.el7.x86_64 #1 SMP Mon Dec 4
23:52:40 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

firewall-cmd --version
0.4.4.4

sh-4.2# systemctl status iptables
Unit iptables.service could not be found.

sh-4.2# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2018-01-07 05:11:48 UTC; 1 day 1h ago
     Docs: man:firewalld(1)
 Main PID: 585 (firewalld)
   CGroup: /system.slice/firewalld.service                                                                                                                                         
           └─585 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid                                                                                                          

Jan 07 05:12:14  firewalld[585]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.                                                          
Jan 07 05:12:20  firewalld[585]: WARNING: ALREADY_ENABLED: rule family=ipv6 source ipset=sshguard6 drop                                                                            
Jan 07 05:12:21  firewalld[585]: ERROR: NAME_CONFLICT: new_ipset(): 'sshguard4'                                                                                                    
Jan 07 05:12:22  firewalld[585]: WARNING: ALREADY_ENABLED: rule family=ipv4 source ipset=sshguard4 drop                                                                            
Jan 07 05:12:48  firewalld[585]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.                                                                        
Jan 07 05:12:48  firewalld[585]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.                                                          
Jan 07 05:12:48  firewalld[585]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.                                                                       
Jan 07 05:12:48  firewalld[585]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.                                                         
Jan 07 05:12:48  firewalld[585]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.                                                                        
Jan 07 05:12:48  firewalld[585]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.