On 26/11/25 18:30, Michael wrote:
> On Tuesday, 25 November 2025 23:49:36 Greenwich Mean Time William Kenworthy wrote:
>> Hi all,
>>
>> I've just had my Intel-based internet gateway hardware die, so I have repurposed a spare Odroid XU4 (arm32) and it's working except for psad. When psad tries to ban an IP, it generates the following error:
>>
>> Nov 26 07:35:03 moriah psad[4930]: could not add iptables block rule for: <IP number>
>>
>> I am using openrc with shorewall as the firewall (Internet on a USB NIC, and internal VLANs on the inbuilt one).
>>
>> "fail2ban" is also running and is successfully banning hits. I can't see that the psad chains are created (which is probably the source of the error message - from memory they are created on the first ban event (not sure?)).
>>
>> "psad", fail2ban etc. have always just worked in the past and I can't see what's wrong. Any suggestions on where to look?
>>
>> BillK
>
> I have never used Shorewall to know what rules it adds by default, but you need a '-j LOG' for your INPUT and FORWARD chains before psad can work as expected.

Yes, that's all working as expected - it's the fact that psad fails to add the generated blocking rule (to DROP the packets) to the shorewall set. I copied both the shorewall and psad configurations from a backup of the old (working) machine with no change. It's something else that's missing - but what?
BillK

