On Sun, 2021-02-21 at 20:01 +0100, Michael Biebl wrote:
> Unfortunately I have no idea what sshguard is.
> Is that another firewall?

I expect you've found out yourself by now, but fwiw, sshguard adds
brute-force protection to ssh. It analyses log files for signs of brute
force attempts and updates firewall rules to block connections as
appropriate.

> Does it install iptables / nftables rules (which might clash with 
> firewalld).

The latest package version uses the nftables backend. Setup when using
firewalld involves adding a couple of rich-rules as below. I do not
know what sshguard specifically does internally to make things work,
but some part of this setup, presumably with the switch to nftables, is
clearly broken.

> What exactly do you mean with "sshguard config"?

The sshguard firewalld config is described in [1] & [2], and is
essentially this:
1. # firewall-cmd --zone=zone-name --permanent --add-rich-rule="rule source ipset=sshguard4 drop"
2. # firewall-cmd --zone=zone-name --permanent --add-rich-rule="rule source ipset=sshguard6 drop"

[1]: https://manpages.debian.org/testing/sshguard/sshguard-setup.7.en.html
[2]: https://wiki.archlinux.org/index.php/Sshguard

On Sun, 2021-02-21 at 20:10 +0100, Michael Biebl wrote:
> After looking at the package description, I think this is a sshguard
> issue.

Ok, fair enough :)

> Looking at the git log of sshguard, maybe upgrading to a newer
> sshguard version helps.
> It has commits like
>  
> https://bitbucket.org/sshguard/sshguard/commits/5927e696a8f0bc323f66d1edcce1365a70972320
> which look related.

Indeed that does look very much related and I agree that it would be
good to test a newer version of sshguard with those changes to see if
that resolves it. I was too exhausted yesterday to think about looking
at sshguard developments; sorry about that.
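
A check for the two rich rules quoted above, as an added example that is not part of the original message or of sshguard. The function names, the zone argument and the sample listing are assumptions made for illustration; only the ipset names sshguard4 and sshguard6 come from the message.

```shell
#!/bin/sh
# Added example: verify that a firewalld zone carries both sshguard drop rules.
# Function names and the sample listing are constructed for illustration.

# Read a rich-rule listing on stdin (the style printed by
# `firewall-cmd --list-rich-rules`) and print the ipset names that have no
# "source ipset=<name> drop" rule. Prints an empty line when both are present.
missing_sshguard_rules() {
    listing=$(cat)
    missing=""
    for name in sshguard4 sshguard6; do
        # Accept ipset=name and ipset="name"; requiring whitespace after the
        # name stops sshguard4 from matching a longer set name.
        if ! printf '%s\n' "$listing" |
            grep -Eq "^rule .*source ipset=\"?${name}\"?[[:space:]]+drop([[:space:]]|\$)"; then
            missing="$missing $name"
        fi
    done
    printf '%s\n' "${missing# }"
}

# Live check (needs firewalld and root). Rules added with --permanent only
# reach the runtime configuration after `firewall-cmd --reload`, so both
# views are inspected.
check_zone() {
    zone=$1
    printf 'runtime missing:   %s\n' \
        "$(firewall-cmd --zone="$zone" --list-rich-rules | missing_sshguard_rules)"
    printf 'permanent missing: %s\n' \
        "$(firewall-cmd --permanent --zone="$zone" --list-rich-rules | missing_sshguard_rules)"
}

# Constructed sample listing: the IPv6 rule was never added.
sample='rule family="ipv4" source address="192.0.2.10" accept
rule source ipset="sshguard4" drop'
printf 'sample listing is missing: %s\n' \
    "$(printf '%s\n' "$sample" | missing_sshguard_rules)"
```

On a host running firewalld, `check_zone zone-name` reports the same thing for the live runtime and permanent configurations.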
