From: <li...@la...> - 2018-01-08 06:47:00
On Mon, 8 Jan 2018 12:43:49 +0800
Kevin Zheng <kev...@gm...> wrote:

> On 01/08/2018 11:47, li...@la... wrote:
> > From centos 7 boot in the messages log. Is this a problem?
> >
> > Jan 7 05:11:48 systemd: Starting LSB: Bring up/down networking...
> > Jan 7 05:11:48 systemd: Starting SSHGuard - blocks brute-force
> > login attempts... Jan 7 05:11:48 iptables: Another app is
> > currently holding the xtables lock. Perhaps you want to use the -w
> > option? Jan 7 05:11:48 systemd: Started SSHGuard - blocks
> > brute-force login attempts.
>
> Perhaps. I remember something similar being reported before.
>
> What version of SSHGuard, Linux kernel, distribution, and iptables are
> you using?
>

Some additional firewalld stuff I meant to post but forgot. The default
size of the ipset is very small. I maxed one out at less than 30 IP
addresses. Check out this post, specifically at the bottom:

https://lists.fedorahosted.org/archives/list/fir...@li.../thread/EQAIIB5YTEAFZRW7Z6ALKCV3HGSWJ2EM/

You need to specify the maximum size of the elements of the ipset.

But what I found interesting is if you add an IP address to block, you
will be returned a "success" even if the ipset is full (reached limit).
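Because the message above reports an add returning "success" against a full set, a block is worth confirming against the set's actual contents rather than the exit status. The following is an added example, not part of the original message or of SSHGuard or firewalld; the function name `verify_block`, the set name `blocklist` and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). verify_block and the set
# name "blocklist" are hypothetical; the listing below is constructed.

# Reads `ipset list <set>` output on stdin and reports whether IP ($1) is
# really a member, plus the fill level taken from the Header line.
verify_block() {
    awk -v ip="$1" '
        /^Header:/ {
            for (i = 2; i < NF; i++)
                if ($i == "maxelem") max = $(i + 1) + 0
        }
        # Count member lines directly instead of relying on a summary line;
        # entries may carry suffixes such as "timeout 300".
        in_members && NF { n++; if ($1 == ip) found = 1 }
        /^Members:/ { in_members = 1 }
        END {
            if (found)                    state = "present"
            else if (max > 0 && n >= max) state = "missing-set-full"
            else                          state = "missing"
            printf "%s %d/%d\n", state, n, max
        }
    '
}

# Constructed sample: a set created with maxelem 3 that is already full.
SAMPLE_FULL='Name: blocklist
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 3
Size in memory: 248
References: 1
Members:
192.0.2.10
192.0.2.11
198.51.100.7'

# The address was "added successfully" but never made it into the set.
printf '%s\n' "$SAMPLE_FULL" | verify_block 203.0.113.5
# On a live host: ipset list blocklist | verify_block 203.0.113.5
```

A `missing-set-full` result means the set has to be recreated with a larger limit, which with firewalld is given at creation time, for example `firewall-cmd --permanent --new-ipset=blocklist --type=hash:ip --option=maxelem=65536`.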