Menu
▾
▴
sshguard-users
|
From: Kevin Z. <kev...@gm...> - 2015-08-01 01:07:46
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Greetings, I am pleased to announce the release of SSHGuard 1.6.1 [1]. This release is primarily a bugfix release that fixes a few late-breaking issues from 1.6.0 while incorporating a few feature improvements. This release was slightly delayed by a recent SourceForge outage. Changes in this release include: - - Accept "Received disconnect" with optional prefix - - Add support for socklog entries - - Fix 'ipfw-rules-range' option in configure script - - Fix build for 'ipfw' and 'hosts' backends - - Fix integer comparisons of different types - - Match attacks when syslog debugging is enabled Many thanks to the contributors who reported issues or sent in patches to fix them. Special thanks to the FreeBSD community for reporting and fixing a number of problems amended in this release. As usual, please report any bugs, build failures, or other issues to the mailing list or the Bitbucket tracker [2]. Very best, Kevin Zheng [1] https://sourceforge.net/projects/sshguard/files/sshguard/1.6.1/ [2] https://bitbucket.org/sshguard/sshguard/issues/ - -- Kevin Zheng kev...@gm... | ke...@kd... | PGP: 0xC22E1090 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVvBvZAAoJEOrPD3bCLhCQmdMH/3g8gjEF67GUBX7VH+QpY2vQ W2UYCbIln5z4VytYHMyykNcqTMkZCpnPnuQV+14IVrIUSfQp5fY3vYKL7xcTT3PC canTMbuPsLPjdXsSFCtZjQetbuDrsGEDzXD82XV1ATHz41RknanSnq0GasRF7NZR GpLN7gukNHhtzoSSca7fC/W9AUo1Ya0s9avIbkamm5PKfZ+ZQW1C6UaXOOshpTLb 8FQ1sbG9PozyN6ohEA2VnEMvcD8EdJ4sBTNdEPpehSj/SzRSkMvaVeQdq9yhnuQV uC8q6aT76rhgu1CMMB/zxASND/mJyyDgWfkH0QxF+pRGR3SMehJENAkXesPZzgA= =HFiX -----END PGP SIGNATURE----- |
|
From: Greg P. <gr...@n0...> - 2015-08-02 20:13:38
Attachments:
signature.asc
|
For IPFW, did the change to use a table instead of individual rules make it in? I’ve installed 1.6.1 on FreeBSD from the ports (sshguard-ipfw) and its still creating individual rules, and also it crashes on start if the blacklist is larger than 4 lines or so. Thanks, Greg > On Jul 31, 2015, at 20:07 , Kevin Zheng <kev...@gm...> wrote: > > Signed PGP part > Greetings, > > I am pleased to announce the release of SSHGuard 1.6.1 [1]. This > release is primarily a bugfix release that fixes a few late-breaking > issues from 1.6.0 while incorporating a few feature improvements. This > release was slightly delayed by a recent SourceForge outage. > > Changes in this release include: > > - Accept "Received disconnect" with optional prefix > - Add support for socklog entries > - Fix 'ipfw-rules-range' option in configure script > - Fix build for 'ipfw' and 'hosts' backends > - Fix integer comparisons of different types > - Match attacks when syslog debugging is enabled > > Many thanks to the contributors who reported issues or sent in patches > to fix them. Special thanks to the FreeBSD community for reporting and > fixing a number of problems amended in this release. > > As usual, please report any bugs, build failures, or other issues to > the mailing list or the Bitbucket tracker [2]. > > Very best, > Kevin Zheng > > [1] https://sourceforge.net/projects/sshguard/files/sshguard/1.6.1/ > [2] https://bitbucket.org/sshguard/sshguard/issues/ > > -- > Kevin Zheng > kev...@gm... | ke...@kd... | PGP: 0xC22E1090 > > > ------------------------------------------------------------------------------ > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users |
|
From: Willem J. W. <wj...@di...> - 2015-08-03 09:08:23
|
On 1-8-2015 03:07, Kevin Zheng wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Greetings, > > I am pleased to announce the release of SSHGuard 1.6.1 [1]. This > release is primarily a bugfix release that fixes a few late-breaking > issues from 1.6.0 while incorporating a few feature improvements. This > release was slightly delayed by a recent SourceForge outage. > > Changes in this release include: > > - - Accept "Received disconnect" with optional prefix > - - Add support for socklog entries > - - Fix 'ipfw-rules-range' option in configure script > - - Fix build for 'ipfw' and 'hosts' backends > - - Fix integer comparisons of different types > - - Match attacks when syslog debugging is enabled > > Many thanks to the contributors who reported issues or sent in patches > to fix them. Special thanks to the FreeBSD community for reporting and > fixing a number of problems amended in this release. > > As usual, please report any bugs, build failures, or other issues to > the mailing list or the Bitbucket tracker [2]. Hi, I added some code on FreeBSD to libssh to make some errors actually log the the ip-number, because this is usualy abuse as well.... https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202055 And it changes the log like: fatal: Read from socket failed: Connection reset by peer [preauth] Which is rather useless for tools like sshguard and/or fail2ban But this patch changes this info to: Aug 2 19:37:32 zfs sshd[19444]: Read from socket failed: 218.2.22.36 [preauth] Aug 2 19:37:32 zfs sshd[19444]:fatal: Read from socket failed: Connection reset by peer [preauth] But then again this needs to be picked upt by sshguard with an extra parser rule... --WjW patch: Index: crypto/openssh/packet.c =================================================================== --- crypto/openssh/packet.c (revision 286222) +++ crypto/openssh/packet.c (working copy) @@ -1128,8 +1128,10 @@ logit("Connection closed by %.200s", get_remote_ipaddr()); cleanup_exit(255); } - if (len < 0) + if (len < 0) { + logit("Read from socket failed: %.200s", get_remote_ipaddr()); fatal("Read from socket failed: %.100s", strerror(errno)); + } /* Append it to the buffer. */ packet_process_incoming(buf, len); } |
|
From: Kevin Z. <kev...@gm...> - 2015-08-04 01:31:12
|
On 08/03/2015 03:36, Willem Jan Withagen wrote: > I added some code on FreeBSD to libssh to make some errors actually log > the the ip-number, because this is usualy abuse as well.... > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202055 > > And it changes the log like: > fatal: Read from socket failed: Connection reset by peer [preauth] > > Which is rather useless for tools like sshguard and/or fail2ban > > But this patch changes this info to: > Aug 2 19:37:32 zfs sshd[19444]: Read from socket failed: 218.2.22.36 > [preauth] > Aug 2 19:37:32 zfs sshd[19444]:fatal: Read from socket failed: > Connection reset by peer [preauth] This looks like a patch against OpenSSH. > But then again this needs to be picked upt by sshguard with an extra > parser rule... It'll be a while before this change makes it upstream, and it might change before it gets there, so I'll hold off on this change. Thanks, Kevin Zheng -- Kevin Zheng kev...@gm... | ke...@kd... | PGP: 0xC22E1090 |
|
From: Willem J. W. <wj...@di...> - 2015-08-04 10:22:08
|
On 4-8-2015 03:31, Kevin Zheng wrote: > On 08/03/2015 03:36, Willem Jan Withagen wrote: >> I added some code on FreeBSD to libssh to make some errors actually log >> the the ip-number, because this is usualy abuse as well.... >> >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202055 >> >> And it changes the log like: >> fatal: Read from socket failed: Connection reset by peer [preauth] >> >> Which is rather useless for tools like sshguard and/or fail2ban >> >> But this patch changes this info to: >> Aug 2 19:37:32 zfs sshd[19444]: Read from socket failed: 218.2.22.36 >> [preauth] >> Aug 2 19:37:32 zfs sshd[19444]:fatal: Read from socket failed: >> Connection reset by peer [preauth] > > This looks like a patch against OpenSSH. Eh, if that is what FreeBSD uses, then yes. > >> But then again this needs to be picked upt by sshguard with an extra >> parser rule... > > It'll be a while before this change makes it upstream, and it might > change before it gets there, so I'll hold off on this change. I understand.... But it is one of the remaining messages where info is missed to act upon. I have not yet received message from the bugs maintainer. --WjW |
|
From: Willem J. W. <wj...@di...> - 2015-08-04 12:04:35
|
On 4-8-2015 03:31, Kevin Zheng wrote: > On 08/03/2015 03:36, Willem Jan Withagen wrote: >> I added some code on FreeBSD to libssh to make some errors actually log >> the the ip-number, because this is usualy abuse as well.... >> >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202055 >> >> And it changes the log like: >> fatal: Read from socket failed: Connection reset by peer [preauth] >> >> Which is rather useless for tools like sshguard and/or fail2ban >> >> But this patch changes this info to: >> Aug 2 19:37:32 zfs sshd[19444]: Read from socket failed: 218.2.22.36 >> [preauth] >> Aug 2 19:37:32 zfs sshd[19444]:fatal: Read from socket failed: >> Connection reset by peer [preauth] > > This looks like a patch against OpenSSH. > >> But then again this needs to be picked upt by sshguard with an extra >> parser rule... > > It'll be a while before this change makes it upstream, and it might > change before it gets there, so I'll hold off on this change. I checked the upstream and what I see there is a completely new setup at least with regards to logging. So you actually need to install and run it to get a grip for how things are going to look in the upcoming releases.... I'm going to install openssh-portable-devel on one of my servers, and see what is going on there.... --WjW |
|
From: Kevin Z. <kev...@gm...> - 2015-08-04 01:26:53
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 08/02/2015 15:13, Greg Putrich wrote: > For IPFW, did the change to use a table instead of individual rules > make it in? I’ve installed 1.6.1 on FreeBSD from the ports > (sshguard-ipfw) and its still creating individual rules, and also > it crashes on start if the blacklist is larger than 4 lines or so. > Oops, that change did not make it in. I'll be sure it lands in 1.6.2. Thanks, Kevin Zheng - -- Kevin Zheng kev...@gm... | ke...@kd... | PGP: 0xC22E1090 |
|
From: Kevin Z. <kev...@gm...> - 2015-08-04 01:27:00
|
On 08/02/2015 15:13, Greg Putrich wrote: > For IPFW, did the change to use a table instead of individual rules > make it in? I’ve installed 1.6.1 on FreeBSD from the ports > (sshguard-ipfw) and its still creating individual rules, and also > it crashes on start if the blacklist is larger than 4 lines or so. Oops, that change did not make it in. I'll be sure it lands in 1.6.2. Thanks, Kevin Zheng -- Kevin Zheng kev...@gm... | ke...@kd... | PGP: 0xC22E1090 |
|
From: Greg P. <gr...@n0...> - 2015-08-04 01:42:57
|
Sounds good. I actually really like the new method after running it for a while. Thought I would miss the individual stats for each IP address, but I do not and I prefer the cleanness that the table brings. Greg Kevin Zheng said: > On 08/02/2015 15:13, Greg Putrich wrote: > > For IPFW, did the change to use a table instead of individual rules > > make it in? I?ve installed 1.6.1 on FreeBSD from the ports > > (sshguard-ipfw) and its still creating individual rules, and also > > it crashes on start if the blacklist is larger than 4 lines or so. > > Oops, that change did not make it in. I'll be sure it lands in 1.6.2. > > Thanks, > Kevin Zheng > > -- > Kevin Zheng > kev...@gm... | ke...@kd... | PGP: 0xC22E1090 > > ------------------------------------------------------------------------------ > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users |
|
From: Gregory P. <gpu...@ic...> - 2015-08-02 18:55:15
|
For IPFW, did the change to use a table instead of individual rules make it in? I’ve installed 1.6.1 on FreeBSD from the ports (sshguard-ipfw) and its still creating individual rules, and also it crashes on start if the blacklist is larger than 4 lines or so. Thanks, Greg > On Jul 31, 2015, at 20:07 , Kevin Zheng <kev...@gm...> wrote: > > Signed PGP part > Greetings, > > I am pleased to announce the release of SSHGuard 1.6.1 [1]. This > release is primarily a bugfix release that fixes a few late-breaking > issues from 1.6.0 while incorporating a few feature improvements. This > release was slightly delayed by a recent SourceForge outage. > > Changes in this release include: > > - Accept "Received disconnect" with optional prefix > - Add support for socklog entries > - Fix 'ipfw-rules-range' option in configure script > - Fix build for 'ipfw' and 'hosts' backends > - Fix integer comparisons of different types > - Match attacks when syslog debugging is enabled > > Many thanks to the contributors who reported issues or sent in patches > to fix them. Special thanks to the FreeBSD community for reporting and > fixing a number of problems amended in this release. > > As usual, please report any bugs, build failures, or other issues to > the mailing list or the Bitbucket tracker [2]. > > Very best, > Kevin Zheng > > [1] https://sourceforge.net/projects/sshguard/files/sshguard/1.6.1/ > [2] https://bitbucket.org/sshguard/sshguard/issues/ > > -- > Kevin Zheng > kev...@gm... | ke...@kd... | PGP: 0xC22E1090 > > > ------------------------------------------------------------------------------ > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users |
|
From: Alastair H. <ag...@fa...> - 2015-08-05 13:16:31
|
On 2015-08-02 Sun 13:36:37 -0500 Gregory Putrich, wrote: > For IPFW, did the change to use a table instead of individual rules make > it in? I’ve installed 1.6.1 on FreeBSD from the ports (sshguard-ipfw) and > its still creating individual rules, and also it crashes on start if the > blacklist is larger than 4 lines or so. If you want to make use of a table id in ifpw follow these steps below: # pkg install security/sshguard-null # sysrc sshguard_flags="-e /usr/local/sbin/sshguard-null" $ cat /usr/local/sbin/sshguard-null #!/bin/sh # Source: # http://sourceforge.net/p/sshguard/mailman/message/34151601/ fwcmd="/sbin/ipfw" table_id="sshguard" print_debug="0" fwcmd_debug() { if [ ${print_debug} -gt 0 ]; then /usr/bin/logger -i -p local0.notice -t sshguard-null ${@} fi } fwcmd_debug "${0}: Incoming sshguard(8) action" case ${SSHG_ACTION} in init) # create table? fwcmd_debug "${SSHG_ACTION}" ;; fin) fwcmd_debug "${fwcmd} table ${table_id} flush" ${fwcmd} table ${table_id} flush ;; block) fwcmd_debug "${fwcmd} table ${table_id} add ${SSHG_ADDR}" ${fwcmd} table ${table_id} add ${SSHG_ADDR} ;; block_list) for a in `echo ${SSHG_ADDR} | sed 's/,/ /g'` ; do fwcmd_debug "${fwcmd} table ${table_id} add ${a}" ${fwcmd} table ${table_id} add ${a} done ;; release) fwcmd_debug "${fwcmd} table ${table_id} delete ${SSHG_ADDR}" ${fwcmd} table ${table_id} delete ${SSHG_ADDR} ;; flush) fwcmd_debug "${fwcmd} table ${table_id} flush" ${fwcmd} table ${table_id} flush ;; *) fwcmd_debug "${SSHG_ACTION} unsupported" ;; esac exit 0 I have been using this method on FreeBSD-11-CURRENT for >3 weeks now & have not observed any crashes. sshguard & ipfw continue to function as expected. > Thanks, > Greg > > On Jul 31, 2015, at 20:07 , Kevin Zheng <kev...@gm...> wrote: > > > > Signed PGP part > > Greetings, > > > > I am pleased to announce the release of SSHGuard 1.6.1 [1]. This > > release is primarily a bugfix release that fixes a few late-breaking > > issues from 1.6.0 while incorporating a few feature improvements. This > > release was slightly delayed by a recent SourceForge outage. > > > > Changes in this release include: > > > > - Accept "Received disconnect" with optional prefix > > - Add support for socklog entries > > - Fix 'ipfw-rules-range' option in configure script > > - Fix build for 'ipfw' and 'hosts' backends > > - Fix integer comparisons of different types > > - Match attacks when syslog debugging is enabled > > > > Many thanks to the contributors who reported issues or sent in patches > > to fix them. Special thanks to the FreeBSD community for reporting and > > fixing a number of problems amended in this release. > > > > As usual, please report any bugs, build failures, or other issues to > > the mailing list or the Bitbucket tracker [2]. > > > > Very best, > > Kevin Zheng > > > > [1] https://sourceforge.net/projects/sshguard/files/sshguard/1.6.1/ > > [2] https://bitbucket.org/sshguard/sshguard/issues/ > > > > -- > > Kevin Zheng > > kev...@gm... | ke...@kd... | PGP: 0xC22E1090 > > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > > Sshguard-users mailing list > > Ssh...@li... > > https://lists.sourceforge.net/lists/listinfo/sshguard-users > > ------------------------------------------------------------------------------ > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users -- What good is having someone who can walk on water if you don't follow in his footsteps? |
|
From: Greg P. <gr...@n0...> - 2015-08-05 13:30:40
|
Alastair Hogge said: > On 2015-08-02 Sun 13:36:37 -0500 Gregory Putrich, wrote: > > For IPFW, did the change to use a table instead of individual rules make > > it in? I???ve installed 1.6.1 on FreeBSD from the ports (sshguard-ipfw) and > > its still creating individual rules, and also it crashes on start if the > > blacklist is larger than 4 lines or so. > > If you want to make use of a table id in ifpw follow these steps below: > <snip> > > I have been using this method on FreeBSD-11-CURRENT for >3 weeks now & have > not observed any crashes. sshguard & ipfw continue to function as expected. Thanks. I had sent this email from the wrong address and thought it got funnelled off to oblivion since the addr isn't subscribed to the mailing list. Sent another email from the correct address and Kevin answered it (will be coming in 1.6.2). Was a bit surprised when I saw this one show up... Oops. Back in June (?) I had compiled it from his branch and it worked absolutely great. No crashes and kept things tidy. Kept it running until I upgraded to 1.6.1 last weekend. I could do that again, but may just wait until 1.6.2 comes out, if it won't be in the distant future. It is blocking fine, just a matter of tidiness & restartability. Now that I think about it, I just may install it again on one of my servers. Greg |
|
From: Willem J. W. <wj...@di...> - 2015-08-05 15:46:42
|
On 5-8-2015 15:16, Alastair Hogge wrote: > On 2015-08-02 Sun 13:36:37 -0500 Gregory Putrich, wrote: >> For IPFW, did the change to use a table instead of individual rules make >> it in? I’ve installed 1.6.1 on FreeBSD from the ports (sshguard-ipfw) and >> its still creating individual rules, and also it crashes on start if the >> blacklist is larger than 4 lines or so. > > If you want to make use of a table id in ifpw follow these steps below: > > # pkg install security/sshguard-null > # sysrc sshguard_flags="-e /usr/local/sbin/sshguard-null" > > $ cat /usr/local/sbin/sshguard-null > > #!/bin/sh > # Source: > # http://sourceforge.net/p/sshguard/mailman/message/34151601/ > > fwcmd="/sbin/ipfw" > table_id="sshguard" > print_debug="0" > > fwcmd_debug() { > if [ ${print_debug} -gt 0 ]; then > /usr/bin/logger -i -p local0.notice -t sshguard-null ${@} > fi > } > > fwcmd_debug "${0}: Incoming sshguard(8) action" > > case ${SSHG_ACTION} in > init) > # create table? > fwcmd_debug "${SSHG_ACTION}" > ;; > fin) > fwcmd_debug "${fwcmd} table ${table_id} flush" > ${fwcmd} table ${table_id} flush > ;; > block) > fwcmd_debug "${fwcmd} table ${table_id} add ${SSHG_ADDR}" > ${fwcmd} table ${table_id} add ${SSHG_ADDR} > ;; > block_list) > for a in `echo ${SSHG_ADDR} | sed 's/,/ /g'` ; do > fwcmd_debug "${fwcmd} table ${table_id} add ${a}" > ${fwcmd} table ${table_id} add ${a} > done > ;; > release) > fwcmd_debug "${fwcmd} table ${table_id} delete ${SSHG_ADDR}" > ${fwcmd} table ${table_id} delete ${SSHG_ADDR} > ;; > flush) > fwcmd_debug "${fwcmd} table ${table_id} flush" > ${fwcmd} table ${table_id} flush > ;; > *) > fwcmd_debug "${SSHG_ACTION} unsupported" > ;; > esac > > exit 0 > > I have been using this method on FreeBSD-11-CURRENT for >3 weeks now & have > not observed any crashes. sshguard & ipfw continue to function as expected. Right, Haven't looked into the new stuff due to $work, but that is the way I'm still doing it. More or less based on KISS. (and I think shell-scripts are KISS :) Funny thing I see in your script is that your table ID is: sshguard. So you are already using one of the features I saw that was in the new IPFW code: IDs don't have to be numbers any longer. Now the fun part is that you can reload your firewall without erasing the tables... So the blacklisting is kept in order. If you'd want to remove all blacklisting for testing purposes: ipfw table all flush is your friend. Need to know if a customer landed himself in the blacklist: ipfw table all list | grep ip-nr and so on, and so on. And with alphanumeric table names things get even more fun... I also load table from: swatch for watching httpd/mail/... log files for scriptkidies portsentry for catching people trying portscanning etc... Everything could be improved upon al lot, but it gets most obnoxous tries down. So otehr things have a bigger chance of standing out. --WjW Now for the counterpart: Here is the top part of my ipfw config.... ---- 01000 count ip from any to any # delete (by hand) major blocks that are harasing me # They could also go into a table... 01010 deny ip from 82.75.147.236,77.249.92.231,178.170.161.34,60.208.0.0/13,61.182.0.0/15,116.224.0.0/12,218.108.0.0/15,1.93.0.0/16,222.186.0.0/16,222.240.128.0/17,46.105.102.221 to any 01020 deny ip from any to 82.75.147.236,77.249.92.231,178.170.161.34,60.208.0.0/13,61.182.0.0/15,116.224.0.0/12,218.108.0.0/15,1.93.0.0/16,222.186.0.0/16,222.240.128.0/17,46.105.102.221 # skip over the blocking rules for hackers/spammers for my trusted # IPs.... could also go into a table .... 01030 skipto 2000 ip from ${trustedipnrs} to any 01040 deny ip from table(10) to any 01050 deny ip from table(21) to any 01060 deny ip from table(22) to any 01070 deny ip from table(25) to any 01080 deny ip from table(26) to any 01090 deny ip from table(40) to any 01100 deny ip from table(41) to any 01110 deny ip from table(42) to any 01120 deny ip from table(43) to any 01130 deny ip from table(50) to any 01140 deny ip from table(53) to any 01150 deny ip from table(54) to any 01160 deny ip from table(55) to any 01170 deny ip from table(56) to any 01180 deny ip from table(57) to any 01190 deny ip from table(58) to any 01200 deny ip from table(59) to any 01210 deny ip from table(60) to any 01220 deny ip from table(70) to any 01230 deny ip from table(75) to any 01240 deny ip from table(80) to any 01250 deny ip from table(81) to any 01260 deny ip from table(86) to any # landingpoint if not on the spammerlists 02000 count ip from any to any ------ |
|
From: . g. <fre...@ho...> - 2015-09-03 02:04:27
|
Hi: I would like to know if sshguard not work with Firewalld on CentOS 7 yet? It would be support in later version? Thank you newbie 15'09/03 |
|
From: Kevin Z. <kev...@gm...> - 2015-09-03 02:44:15
|
On 09/02/2015 19:04, . ghost wrote: > I would like to know if sshguard not work with Firewalld on CentOS 7 yet? > It would be support in later version? No support for firewalld yet, but writing a new backend is easy, provided you have the machine and manual pages to test on. Best, Kevin Zheng -- Kevin Zheng kev...@gm... | ke...@kd... | PGP: 0xC22E1090 |
|
From: . g. <fre...@ho...> - 2015-09-03 07:42:59
|
> Date: Wed, 2 Sep 2015 19:44:13 -0700 > Subject: Re: [Sshguard-users] SSHGuard with CentOS 7 > No support for firewalld yet, but writing a new backend is easy, > provided you have the machine and manual pages to test on. Hi: I just can edit firewall rule with vi and rule file.... (I don't understand use command to set rule) I have a CentOS7 vm, if I want to try it, where can I see the manual pages? Thank you |
Thanks for helping keep SourceForge clean.
X