Re: [SSHGuard-users] [PATCH] nft-sets: switch to a single 'inet' family table

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On 3/11/21 6:44 AM, Lauri Tirkkonen via sshguard-users wrote:
> nftables supports a family called 'table' for dual stack abstraction;
> use that instead of creating two separate tables. two sets are still
> needed since nftables can only store either v4 or v6 addresses in a
> single set, but having just one table is still a simplification.
> 
> also fix a bug where reinitializing the backend would always append a
> new drop rule at the end of the chain.

Thank you for the patch. This patch seems reasonable.

Unfortunately, I don't have a machine on which I can test this patch. 
Could another nft user give this patch a whirl and confirm that it works 
in other environments?

Thanks,
Kevin

Re: [SSHGuard-users] [PATCH] nft-sets: switch to a single 'inet' family table

Intelligently block brute-force attacks by aggregating system logs

Re: [SSHGuard-users] [PATCH] nft-sets: switch to a single 'inet' family table