Package: sshguard
Version: 1.6.0-1

The systemd unit configuration file calls /usr/lib/sshguard/firewall in
ExecStartPre/ExecStopPost to create a sshguard chain and insert a default
rule in the firewall on start and delete them on stop.
This behavior is supposed to be controlled by ENABLE_FIREWALL in
/etc/default/sshguard: if set to 0, no firewall changes should be made when
sshguard starts.

The patch below makes /usr/lib/sshguard/firewall source /etc/default/sshguard,
as the old init script did, to resolve the issue.

diff --git a/debian/firewall b/debian/firewall
index c00f261..8fc6393 100644
--- a/debian/firewall
+++ b/debian/firewall
@@ -1,6 +1,11 @@
 #!/bin/sh

 OS=$(uname)
+NAME=sshguard
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+

 if [ "$OS" = "Linux" ]; then
        #
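Review bot: The sourced file is the only place `ENABLE_FIREWALL` gets a value, so when /etc/default/sshguard is missing or unreadable the variable stays unset (or is inherited from the environment), and the test added in the second hunk then skips all firewall setup while the script still exits 0. sshguard would start without its chain, which presumably means detected attackers are not blocked and nothing reports it. State the intended default right after the source line, e.g. `: "${ENABLE_FIREWALL:=1}"` if enabled is the package default, and quote the path as `"/etc/default/$NAME"`. Because the unit runs this script from ExecStartPre/ExecStopPost, the defaults file is executed with the service's privileges and should stay writable by root only.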
@@ -60,20 +65,22 @@ else
        }
 fi

-case "$1" in
-    enable)
-       do_enable_firewall
-       ;;
-    disable)
-       do_disable_firewall
-       ;;
-    restart)
-       do_disable_firewall
-       do_enable_firewall
-       ;;
-    *)
-       exit 1
-       ;;
-esac
+if [ "$ENABLE_FIREWALL" = "1" ]; then
+       case "$1" in
+           enable)
+               do_enable_firewall
+               ;;
+           disable)
+               do_disable_firewall
+               ;;
+           restart)
+               do_disable_firewall
+               do_enable_firewall
+               ;;
+           *)
+               exit 1
+               ;;
+       esac
+fi

 exit 0
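Review bot: Wrapping the whole `case` in the `ENABLE_FIREWALL` test also gates `disable` and the `*)` arm, which has two side effects. If the setting is changed from 1 to 0 while the service is running, the stop-time `disable` call is skipped and the chain and rule created at start stay in the firewall; an unknown argument also now exits 0 instead of 1 when the firewall is disabled. If gating `disable` is intentional (so an admin-managed chain is never deleted), say so in a comment above the test, e.g. `# ENABLE_FIREWALL != 1: leave the firewall untouched on start and stop; the admin owns the chain`. The do_enable_firewall and do_disable_firewall definitions are outside this hunk.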
