On 2021-05-05 8:56 p.m., Trent W. Buck wrote:
Debian 10 defaults to nftables, and iptables(8) is a backcompat wrapper:

    bash5$ mmdebstrap --quiet buster /dev/null --include=iptables \
        --customize-hook='chroot $1 readlink -f /usr/sbin/iptables'
    /usr/sbin/xtables-nft-multi

sshguard should Just Work even if your main firewall is still using xtables
directly.

Linux will happily operate with some firewall rules in xtables, and some
firewall rules in nft --- but it can be VERY hard to debug!

I guess the problem is that upon upgrade to buster, that default doesn't
change, but the backend in sshguard's config file does.

So, you upgrade, reboot. You watch the log, see IPs getting added, but
nothing is actually being blocked.

--Pat
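
An added example, not part of either message: a small diagnostic that reports whether sshguard's blocks and the host's own rules sit in the same framework, the xtables/nft split discussed above. The SSHGUARD_CONF variable, the function names and the backend file names sshg-fw-nft-sets and sshg-fw-iptables are assumptions not taken from the thread.

```sh
#!/bin/sh
# Added example: detect an xtables/nft split between sshguard and the firewall.

# Map a resolved front-end binary to the kernel framework it programs.
fw_family() {
    case "${1##*/}" in
        xtables-nft-multi|nft) echo nft ;;
        xtables-legacy-multi)  echo xtables ;;
        *)                     echo unknown ;;
    esac
}

# Where sshguard's blocks land. $1 = sshguard config, $2 = resolved iptables path.
sshguard_target() {
    backend=$(sed -n 's/^[[:space:]]*BACKEND=//p' "$1" | tail -n 1 | tr -d "\"'")
    case "${backend##*/}" in
        sshg-fw-nft-sets) echo nft ;;            # assumed backend file name
        sshg-fw-iptables) fw_family "$2" ;;      # follows whatever iptables is
        *)                echo unknown ;;
    esac
}

# Count rules in iptables-save format read from stdin.
count_rules() { grep -c '^-A ' || true; }

# Compare sshguard's target with where the host's own rules live.
# $1 = sshguard target, $2 = xtables rule count, $3 = nft-side rule count
verdict() {
    if [ "$2" -gt 0 ] && [ "$3" -gt 0 ]; then echo "split: rules in both xtables and nft"
    elif [ "$1" = xtables ] && [ "$3" -gt 0 ]; then echo "split: sshguard in xtables, firewall in nft"
    elif [ "$1" = nft ] && [ "$2" -gt 0 ]; then echo "split: sshguard in nft, firewall in xtables"
    else echo "consistent"; fi
}

# Live check (needs root). iptables-nft-save only shows rules loaded through
# the iptables wrapper; rules written natively with nft are not counted here.
live_check() {
    : "${SSHGUARD_CONF:?set SSHGUARD_CONF to your sshguard config file}"
    ipt=$(readlink -f /usr/sbin/iptables)
    target=$(sshguard_target "$SSHGUARD_CONF" "$ipt")
    xt=$(iptables-legacy-save 2>/dev/null | count_rules)
    nf=$(iptables-nft-save 2>/dev/null | count_rules)
    verdict "$target" "$xt" "$nf"
}

if [ "${1:-}" = "--live" ]; then live_check; fi
```

Run it with --live as root; without the flag it only defines the functions.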