From: Kevin B. <kev...@gm...> - 2022-01-06 05:18:16
Been happily running SSHGuard 2.4.2 against IPTables, but now have some boxes that are likely to be running FirewallD. I read, in the sshguard-setup manpage:

    firewalld
        Blocked attackers are added to two ipsets named sshguard4 and
        sshguard6. The entries in the ipsets are blocked by default in
        the default firewall zone. Additional firewall zones can be
        configured using:

            # firewall-cmd --zone=zone-name --permanent \
                --add-rich-rule="rule source ipset=sshguard4 drop"
            # firewall-cmd --zone=zone-name --permanent \
                --add-rich-rule="rule source ipset=sshguard6 drop"

        You can inspect the entries in the two ipsets using:

            # firewall-cmd --permanent --info-ipset=sshguard4
            # firewall-cmd --permanent --info-ipset=sshguard6

though my experience with the IPTables backend suggests that I should read the above as saying that you need to create the two ipsets in the default zone. But is that the case, or does SSHGuard do /some things/everything/ for you in firewalld-land, as long as you use the default (as in, the zone in effect when SSHGuard starts) zone?

Kevin
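An added example, not from Kevin's post or the SSHGuard manpage: a small POSIX shell script that attaches the sshguard4/sshguard6 ipsets to additional firewalld zones with the rich rules quoted above, checking first that the ipsets exist and that the rule is not already present, so it is safe to re-run. It assumes firewalld's firewall-cmd is installed and the two ipsets are already in the permanent configuration; the zone names are whatever you pass on the command line.

```shell
#!/bin/sh
# Added example (not from the post or the SSHGuard manpage). Assumes
# firewall-cmd from firewalld and that sshguard4/sshguard6 already exist.

sshguard_rich_rule() {
  # $1 is the IP family, 4 or 6. Returns the rich rule text from the manpage.
  printf 'rule source ipset=sshguard%s drop' "$1"
}

ipset_listed() {
  # $1 ipset name, $2 the space-separated output of
  # "firewall-cmd --permanent --get-ipsets". Pure, so it is testable offline.
  printf '%s\n' "$2" | tr ' ' '\n' | grep -qx "$1"
}

ensure_zone_rule() {
  # $1 zone, $2 family. Adds the rule only when --query-rich-rule reports it
  # missing; returns 1 when nothing had to change.
  rule=$(sshguard_rich_rule "$2")
  if firewall-cmd --permanent --zone="$1" --query-rich-rule="$rule" >/dev/null 2>&1; then
    echo "zone $1: sshguard$2 rule already present"
    return 1
  fi
  firewall-cmd --permanent --zone="$1" --add-rich-rule="$rule"
}

sshguard_attach_zones() {
  # Usage: sshguard_attach_zones zone [zone ...]
  sets=$(firewall-cmd --permanent --get-ipsets)
  for fam in 4 6; do
    ipset_listed "sshguard$fam" "$sets" || {
      echo "ipset sshguard$fam missing: run sshguard's firewalld setup first" >&2
      return 1
    }
  done
  changed=0
  for zone in "$@"; do
    for fam in 4 6; do
      ensure_zone_rule "$zone" "$fam" && changed=1
    done
  done
  # Permanent changes only take effect after a reload.
  [ "$changed" -eq 1 ] && firewall-cmd --reload
  for fam in 4 6; do firewall-cmd --permanent --info-ipset="sshguard$fam"; done
}

# Only act when zones are given, e.g.:  sh attach-sshguard-zones.sh public dmz
if [ "$#" -gt 0 ]; then
  sshguard_attach_zones "$@"
fi
```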