From: Kevin B. <kev...@gm...> - 2022-01-13 05:45:00

On a SLES 15 VM, with firewalld-0.5.5-4.24.9.noarch, which matches the one on the production system I am looking to deploy SSHGuard on, I just ran the command that I can see inside SSHGuard's usr/lib/sshguard/sshg-fw-firewalld script, which purports to initialise the FirewallD IPSets.

    sles-15-02:~ # firewall-cmd --permanent --new-ipset="sshguard4" --type="hash:net" --option="family=inet"
    success
    sles-15-02:~ #

Deep joy! However,

    sles-15-02:~ # firewall-cmd --info-ipset=sshguard4
    Error: INVALID_IPSET: sshguard4
    sles-15-02:~ #

Deep sorrow! That confirms what I saw on the production system (see threads passim), where the logs were full of "Error: INVALID_IPSET: sshguard4" messages.

On an openSUSE Leap 15.3 box that we are using for something else, which has firewalld-0.9.3-1.1.noarch, I tried running the same commands and saw the same thing. However, it's possible I have worked out what is going on:

    # firewall-cmd --info-ipset=sshguard4
    Error: INVALID_IPSET: sshguard4
    # firewall-cmd --ipset=sshguard4 --add-entry=192.102.251.102
    Error: INVALID_IPSET: sshguard4

BUT if those commands have the "--permanent" flag added to them, so:

    # firewall-cmd --permanent --ipset=sshguard4 --add-entry=192.102.251.102
    success
    # firewall-cmd --permanent --info-ipset=sshguard4
    sshguard4
      type: hash:net
      options:
      entries: 192.102.251.102
    #

So are the Errors that are being seen the result of SSHGuard's commands lacking the "--permanent" flag when targeting IPSets, for example:

    fw_block() {
        ${FIREW_CMD} --ipset="sshguard$2" --add-entry="$1/$3"
    }

Kevin
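The runtime/permanent split seen above, as an added example (not SSHGuard's own sshg-fw-firewalld): a variant of fw_block that first checks whether the ipset exists in the runtime configuration, runs a --reload when it exists only in the permanent configuration, and only then adds the runtime entry. It assumes the documented firewall-cmd behaviour that "--get-ipsets" lists runtime sets, "--permanent --get-ipsets" lists permanent sets, and "--reload" loads the permanent configuration into runtime (discarding runtime-only state).

```shell
# Added example, not SSHGuard's script. FIREW_CMD can be overridden so the
# functions can be exercised against a stand-in for firewall-cmd.
FIREW_CMD="${FIREW_CMD:-firewall-cmd}"

# Return 0 if ipset $1 is present in the runtime configuration.
ipset_exists_runtime() {
    ${FIREW_CMD} --get-ipsets | tr ' ' '\n' | grep -qx "$1"
}

# Return 0 if ipset $1 is present in the permanent configuration.
ipset_exists_permanent() {
    ${FIREW_CMD} --permanent --get-ipsets | tr ' ' '\n' | grep -qx "$1"
}

# Make sure ipset $1 is live. A set created with --permanent and never
# reloaded (the situation in the post) is invisible to runtime commands, so
# a --reload brings it into the runtime configuration. Caveat: --reload also
# drops any runtime-only state, including entries added without --permanent.
ensure_runtime_ipset() {
    if ipset_exists_runtime "$1"; then
        return 0
    fi
    if ipset_exists_permanent "$1"; then
        echo "ipset $1 exists only in permanent config; reloading firewalld" >&2
        ${FIREW_CMD} --reload
        if ipset_exists_runtime "$1"; then
            return 0
        else
            return 1
        fi
    fi
    echo "ipset $1 missing from both runtime and permanent config" >&2
    return 1
}

# Same argument order as SSHGuard's fw_block: address, address family (4/6),
# prefix length. Fails cleanly instead of producing INVALID_IPSET errors.
fw_block() {
    ensure_runtime_ipset "sshguard$2" || return 1
    ${FIREW_CMD} --ipset="sshguard$2" --add-entry="$1/$3"
}
```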