From: Daniel A. <co...@da...> - 2018-01-09 16:04:29
On Mon, Jan 8, 2018, at 07:46, li...@la... wrote:
> On Mon, 8 Jan 2018 12:43:49 +0800
> Kevin Zheng <kev...@gm...> wrote:
>
> > On 01/08/2018 11:47, li...@la... wrote:
> > > From centos 7 boot in the messages log. Is this a problem?
> > >
> > > Jan 7 05:11:48 systemd: Starting LSB: Bring up/down networking...
> > > Jan 7 05:11:48 systemd: Starting SSHGuard - blocks brute-force login attempts...
> > > Jan 7 05:11:48 iptables: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
> > > Jan 7 05:11:48 systemd: Started SSHGuard - blocks brute-force login attempts.
> >
> > Perhaps. I remember something similar being reported before.
> >
> > What version of SSHGuard, Linux kernel, distribution, and iptables are
> > you using?
> >
>
> Some additional firewalld stuff I meant to post but forgot. The default
> size of the ipset is very small. I maxed one out at less than 30 IP
> addresses.
>
> Check out this post, specifically at the bottom:
> https://lists.fedorahosted.org/archives/list/fir...@li.../thread/EQAIIB5YTEAFZRW7Z6ALKCV3HGSWJ2EM/
>
> You need to specify the maximum size of the elements of the ipset. But
> what I found interesting is if you add an IP address to block, you will
> be returned a "success" even if the ipset is full (reached limit).

I tested on Fedora 27 just now and added over 1000 addresses to the sshguard4 ipset without problem. The default maximum size of an ipset should be 65 536. I’m not sure what is going on on your system, but I doubt that this is your problem if you only have 30 entries.

-- 
Daniel Aleksandersen
https://www.daniel.priv.no/
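Added example, not part of the original thread: one way to check whether an ipset has reached the limit discussed above is to compare its member count with the `maxelem` value in the `Header:` line of `ipset list` output. The function name `ipset_fill` is hypothetical and the sample listing is constructed for illustration.

```shell
#!/bin/sh
# ipset_fill: read `ipset list <set>` output on stdin, print "<entries> <maxelem>".
# Exit status: 0 = room left, 1 = set is at maxelem, 2 = no maxelem in header.
ipset_fill() {
    awk '
        /^Header:/ {
            for (i = 2; i < NF; i++)
                if ($i == "maxelem") max = $(i + 1)
        }
        # Count member lines rather than trusting a "Number of entries:" line.
        in_members && NF > 0 { count++ }
        /^Members:/ { in_members = 1 }
        END {
            if (max == "") { print "no maxelem in header"; exit 2 }
            printf "%d %d\n", count, max
            full = (count >= max + 0)
            exit full
        }
    '
}

# Constructed sample: a set created with maxelem 3 that has reached its limit.
sample_full() {
    cat <<'EOF'
Name: sshguard4
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 3
Size in memory: 296
References: 1
Number of entries: 3
Members:
192.0.2.10
198.51.100.7
203.0.113.45
EOF
}

# On a live host (as root): ipset list sshguard4 | ipset_fill
if fill=$(sample_full | ipset_fill); then
    echo "ok: $fill"
else
    echo "sshguard4 is full or unreadable: $fill"
fi
```

Run periodically, a non-zero exit status flags a full set even when the tool that adds addresses reports success.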