Re: [SSHGuard-users] performance when using firewalld: adding/removing many entries at once

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On 27.08.20 18:52, Kevin Zheng wrote:
> I suspect, without any measurement to back my suspicion, that the
> slowness comes from trying to invoke a separate firewall-cmd process so
> many times. Are there other ways to talk to firewalld without spinning
> up a process? I don't use firewalld, but some searching shows that
> there's a D-Bus interface and a "direct" interface. How does the
> firewalld GUI talk to firewalld? Through firewall-cmd or one of the
> interfaces I mentioned?

firewall-cmd itself talks to firewalld via the DBus interface, so one
could maybe save some time by using DBus directly, if firewall-cmd is in
fact the culprit.

The direct interface bypasses firewalld and sends stuff directly to the
underlying firewall backend, which might be a problem because that
backend could be iptables or nftables or whatever else firewalld supports.

Re: [SSHGuard-users] performance when using firewalld: adding/removing many entries at once

Intelligently block brute-force attacks by aggregating system logs

Re: [SSHGuard-users] performance when using firewalld: adding/removing many entries at once