From: Kevin B. <kev...@gm...> - 2022-01-12 02:35:06
On 2022/01/11 12:36, Kevin Zheng wrote:
> I don't have a system handy where I can test firewall-cmd, but is there
> an interface (or another command) that lets you bulk-add addresses to an
> ipset without invoking firewall-cmd once per address?

Sadly, can't claim to have huge experience (yet?) with firewalld, and, as you may have seen in another recent post to the list, in the thread "Firewalld backend: do I need to create the two ipsets?", I'm having issues with the ipset that SSHGuard creates anyway, but am yet to get around to looking at why I'm seeing what I am, viz:

    Jan 10 11:03:44 ln01 firewalld[48409]: WARNING: sshguard4: INVALID_TYPE: 'hash:net' is not supported by ipset., ignoring for run-time.
    Jan 10 11:03:44 ln01 firewalld[48409]: WARNING: sshguard6: INVALID_TYPE: 'hash:net' is not supported by ipset., ignoring for run-time.
    Jan 10 11:03:45 ln01 firewalld[48409]: WARNING: INVALID_IPSET: sshguard6
    Jan 10 11:03:45 ln01 firewalld[48409]: WARNING: INVALID_IPSET: sshguard4
    Jan 10 11:03:45 ln01 firewalld[48409]: ERROR: INVALID_IPSET: sshguard4
    Jan 10 11:03:46 ln01 firewalld[48409]: ERROR: INVALID_IPSET: sshguard4
    Jan 10 11:03:46 ln01 firewalld[48409]: ERROR: INVALID_IPSET: sshguard4

so, that might be part of the slow rate of ingest I've seen so far, and/or an indication that nothing is actually being ingested?

To expand on that last point: SSHGuard is clearly working, even to the extent of blocking (again) two IP addresses that were in the blacklist, but which presumably hadn't been ingested from it by the time the latest "attack" passed the threshold, or had been read from the file but just not added to the ipset.

Kevin
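A quick check for the failure mode described in the message above, added here as an example and not part of the original post or of SSHGuard: it parses firewalld log lines of the form quoted (the sample lines below are constructed in that same form) and reports, per ipset, whether firewalld refused the set's type at runtime and how many subsequent operations then failed with INVALID_IPSET. An ipset in that state never receives the addresses SSHGuard tries to add, which is worth ruling out before looking for slow ingest elsewhere.

```python
import re
from collections import defaultdict

# Constructed sample, same shape as the firewalld warnings quoted in the thread.
SAMPLE_LOG = """\
Jan 10 11:03:44 ln01 firewalld[48409]: WARNING: sshguard4: INVALID_TYPE: 'hash:net' is not supported by ipset., ignoring for run-time.
Jan 10 11:03:44 ln01 firewalld[48409]: WARNING: sshguard6: INVALID_TYPE: 'hash:net' is not supported by ipset., ignoring for run-time.
Jan 10 11:03:45 ln01 firewalld[48409]: WARNING: INVALID_IPSET: sshguard6
Jan 10 11:03:45 ln01 firewalld[48409]: WARNING: INVALID_IPSET: sshguard4
Jan 10 11:03:45 ln01 firewalld[48409]: ERROR: INVALID_IPSET: sshguard4
Jan 10 11:03:46 ln01 firewalld[48409]: ERROR: INVALID_IPSET: sshguard4
Jan 10 11:03:46 ln01 firewalld[48409]: ERROR: INVALID_IPSET: sshguard4
"""

# "<ipset>: INVALID_TYPE: '<type>' ..." means the runtime set was not created at all.
TYPE_RE = re.compile(
    r"firewalld\[\d+\]: (?:WARNING|ERROR): (?P<ipset>[^\s:]+): INVALID_TYPE: '(?P<type>[^']+)'"
)
# "INVALID_IPSET: <ipset>" is a later operation (e.g. an add) against a set that does not exist.
INVALID_RE = re.compile(
    r"firewalld\[\d+\]: (?P<level>WARNING|ERROR): INVALID_IPSET: (?P<ipset>[^\s:]+)"
)


def summarize_ipset_errors(log_text):
    """Map ipset name -> {'unsupported_type': type or None, 'invalid_ipset': count}."""
    summary = defaultdict(lambda: {"unsupported_type": None, "invalid_ipset": 0})
    for line in log_text.splitlines():
        m = TYPE_RE.search(line)
        if m:
            summary[m["ipset"]]["unsupported_type"] = m["type"]
            continue
        m = INVALID_RE.search(line)
        if m:
            summary[m["ipset"]]["invalid_ipset"] += 1
    return dict(summary)


def ipsets_not_ingesting(summary):
    """Sorted names of ipsets that firewalld rejected, so adds to them cannot have taken effect."""
    return sorted(
        name for name, info in summary.items()
        if info["unsupported_type"] is not None or info["invalid_ipset"] > 0
    )


if __name__ == "__main__":
    result = summarize_ipset_errors(SAMPLE_LOG)
    for name in ipsets_not_ingesting(result):
        info = result[name]
        print(f"{name}: type {info['unsupported_type']!r} rejected, "
              f"{info['invalid_ipset']} INVALID_IPSET failures afterwards")
```

Run it against `journalctl -u firewalld` output; on the quoted sample both sshguard4 and sshguard6 are flagged. For the bulk-add question, firewall-cmd accepts `--ipset=NAME --add-entries-from-file=FILE`, which loads one file of addresses in a single invocation.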