Package: sshguard
Version: 1.6.4-1
Severity: normal
Dear Maintainer,
When restarting sshguard, I see error messages:
$ /etc/init.d/sshguard restart
[....] Restarting SSHGuard Server: sshguardiptables: No chain/target/match by
that name.
ip6tables: No chain/target/match by that name.
. ok
I traced this back to the following commands in /usr/lib/sshguard/firewall,
which is called from the sshguard init script:
if [ "$OS" = "Linux" ]; then
#
# Function that enables firewall
#
do_enable_firewall()
{
# creating sshguard chain
iptables -w -N sshguard 2> /dev/null
ip6tables -w -N sshguard 2> /dev/null
# block traffic from abusers
iptables -L input|grep -q sshguard || iptables -w -I INPUT -j
sshguard 2> /dev/null
ip6tables -L input|grep -q sshguard || ip6tables -w -I INPUT -j
sshguard 2> /dev/null
}
The issue is that there is no "input" chain/target/match.
I think the last two lines should instead be:
iptables -L INPUT|grep -q sshguard || iptables -w -I INPUT -j
sshguard 2> /dev/null
ip6tables -L INPUT|grep -q sshguard || ip6tables -w -I INPUT -j
sshguard 2> /dev/null
So with "input" changed to "INPUT".
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.4.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages sshguard depends on:
ii init-system-helpers 1.31
ii iptables 1.6.0-2
ii libc6 2.22-7
sshguard recommends no packages.
sshguard suggests no packages.
-- Configuration Files:
/etc/default/sshguard changed [not included]
/etc/sshguard/whitelist changed [not included]
-- no debconf information
