Package: firehol
Version: 3.1.6+ds-4
Severity: important

Dear Maintainer,

3.1.6+ds-4 seems to work fine with ipset. The following lines in 
/etc/firehol/firehol.config seem to work fine.

ipv4 ipset create ssh_attackers_ips hash:ip
ipv4 ipset addfile ssh_attackers_ips ips ssh_attackers_ips.txt
ipv4 blacklist full ipset:ssh_attackers_ips


root@dimen:~# firehol restart
FireHOL: Saving active firewall to a temporary file...  OK
FireHOL: Processing file '/etc/firehol/firehol.conf'...  OK  (170 iptables rules)
FireHOL: Activating ipsets...  OK
FireHOL: Fast activating new firewall...  OK
FireHOL: Saving activated firewall to '/var/spool/firehol'...  OK


However with 3.1.6+ds-6 this same file leads to:

FireHOL: Saving active firewall to a temporary file...  OK
FireHOL: Processing file '/etc/firehol/firehol.conf'...  OK  (170 iptables rules)
FireHOL: Activating ipsets...
--------------------------------------------------------------------------------
 ERROR : # 1
WHEN   : Setting default unmatched policy (options: UNMATCHED_INPUT_POLICY UNMATCHED_OUTPUT_POLICY UNMATCHED_ROUTER_POLICY)
WHY    :  ipset ssh_attackers_ips already exists.
COMMAND: ipset create ssh_attackers_ips hash:ip
MODE   : both
SOURCE : FIN


FireHOL: Restoring old firewall...  OK

Broadcast message from systemd-journald@dimen (Thu 2018-11-15 21:28:31 GMT):

FireHOL[1771]: FAILED to activate the firewall from /etc/firehol/firehol.conf. Last good firewall restoration: OK.




-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firehol depends on:
ii  firehol-common  3.1.6+ds-4
ii  lsb-base        9.20170808

Versions of packages firehol recommends:
pn  fireqos  <none>

Versions of packages firehol suggests:
ii  firehol-doc    3.1.6+ds-4
ii  firehol-tools  3.1.6+ds-4
pn  ulogd2         <none>
