Looks like this one is fixed: here is the service file of the 2.3.1-1 release:

[Unit]
Description=SSHGuard
Documentation=man:sshguard(8)
After=network.target
Before=sshd.service

You may consider closing this bug.

On Wed, 16 Jan 2019 22:53:58 +0100 Simon Vetter <simon.vet...@edf-sf.com> wrote:
> Package: sshguard
> Version: 1.7.1-1
>
> On systems with ufw (uncomplicated firewall, a popular firewall manager/frontend) *and* sshguard installed, a race condition exists between sshguard's firewall setup script and ufw.
>
> As I understand it, ufw calls iptables-restore on multiple files on startup to create and populate its various chains.
> If, during one of those calls, /usr/lib/sshguard/firewall is called to add the sshguard chain, the iptables-restore call fails and ufw cracks open.
> This has bitten me a few times, leaving remote boxes unreachable over the network after a reboot since ufw was unable to restore all of its rules.
>
> sshguard's systemd service file seems to have an After= directive which should prevent this, as ufw specifies a Before=network.target directive.
>
> [Unit]
> Description=SSHGuard
> Documentation=man:sshguard(8)
> After=network.service
> Before=sshd.service
>
> Since none of my Debian systems have a network.service file, I tried changing "After=network.service" to "After=network.target", which did the trick: sshguard is now started well after ufw, and after tens of reboots I haven't seen the issue come up again.
>
> Given my limited systemd knowledge, this may or may not be the best fix, but I believe something along these lines should be changed and a new package published.
>
> This is on Debian 9.6 (latest at the time of this writing), all packages up to date.
>
> Cheers,
> -Simon
>
> --
> Simon Vetter
> Embedded Software Engineer - EDF store & forecast
> Phone: +33 7 83 40 26 11

--
Fabrice MEYER
Software and System Engineer
EDF Store & Forecast
13 Avenue Albert Einstein
69100 Villeurbanne
France
fabrice.me...@edf-sf.com
www.edf-sf.com
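
Added example, not part of the original messages or of the sshguard package: a shell check that reports After=/Before= entries naming units that are absent from the unit directories, which is the condition the report describes for After=network.service. The function names, the sandbox layout and the stand-in unit directory are assumptions made for illustration; on a real host the directories to pass would be the system's unit paths.

```shell
#!/bin/sh
# Added example: flag After=/Before= entries in a unit file that name units
# absent from the given unit directories. systemd accepts such entries
# without error, but they order nothing.

# Print "Key unit" for every After=/Before= entry in the [Unit] section.
ordering_deps() {
    awk '
        /^[ \t]*\[/ { in_unit = ($0 ~ /^[ \t]*\[Unit\][ \t]*$/); next }
        in_unit && /^[ \t]*(After|Before)[ \t]*=/ {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val)
            n = split(val, units, /[ \t]+/)
            for (i = 1; i <= n; i++) if (units[i] != "") print key, units[i]
        }' "$1"
}

# missing_deps UNIT_FILE DIR...: print Key=unit for entries found in no DIR.
# File existence is an approximation: aliases, templates and generated
# units are not resolved.
missing_deps() {
    unit_file=$1; shift
    ordering_deps "$unit_file" | while read -r key unit; do
        found=no
        for dir in "$@"; do
            if [ -e "$dir/$unit" ]; then found=yes; break; fi
        done
        if [ "$found" = no ]; then echo "$key=$unit"; fi
    done
}

# Constructed sandbox: the two [Unit] sections quoted in the thread, plus a
# stand-in unit directory with no network.service, as the report describes.
make_sandbox() {
    sandbox=$(mktemp -d)
    mkdir "$sandbox/units"
    touch "$sandbox/units/network.target" "$sandbox/units/sshd.service"
    printf '%s\n' '[Unit]' 'Description=SSHGuard' \
        'Documentation=man:sshguard(8)' 'After=network.service' \
        'Before=sshd.service' > "$sandbox/sshguard-1.7.1.service"
    printf '%s\n' '[Unit]' 'Description=SSHGuard' \
        'Documentation=man:sshguard(8)' 'After=network.target' \
        'Before=sshd.service' > "$sandbox/sshguard-2.3.1.service"
}

make_sandbox
echo "1.7.1-1: $(missing_deps "$sandbox/sshguard-1.7.1.service" "$sandbox/units")"
echo "2.3.1-1: $(missing_deps "$sandbox/sshguard-2.3.1.service" "$sandbox/units")"
rm -rf "$sandbox"
```

An empty result means every ordering entry resolved to a file in the directories given; it does not prove the ordering is sufficient for the firewall to be fully loaded first.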