Your message dated Wed, 10 Nov 2021 17:19:31 +0000
with message-id <[email protected]>
and subject line Bug#983203: fixed in sshguard 2.4.2-1
has caused the Debian Bug report #983203,
regarding [sshguard] firewalld error - invalid ipset sshguard4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
983203: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983203
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: firewalld
Version: 0.9.3-2
Severity: important

I'm experiencing problems on a Sid system with firewalld and sshguard -
firewalld does not seem happy with the sshguard config for some reason.

I set things up for sshguard a while ago and today happened to notice a
problem when trying to add a temporary firewall rule while playing around
with DLNA which resulted in an error...

`firewall-cmd --add-port=1900/udp` gave:
Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory


JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"rule": 
{"family": "inet", "table": "firewalld", "chain": "filter_IN_public_allow", 
"expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, 
"op": "==", "right": 1900}}, {"match": {"left": {"ct": {"key": "state"}}, "op": 
"in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}]}

Checking `systemctl status firewalld` led to the discovery that firewalld
did not seem happy with the existing permanent sshguard config, which had
been added with the following commands (per sshguard setup instructions):
1. firewall-cmd --permanent --zone=public --add-rich-rule="rule source ipset=sshguard4 drop"
2. firewall-cmd --permanent --zone=public --add-rich-rule="rule source ipset=sshguard6 drop"

`firewall-cmd --info-ipset=sshguard4` gives:
Error: INVALID_IPSET: sshguard4

`firewall-cmd --state` gives:
failed

`systemctl status firewalld` gives:
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2021-02-21 00:44:38 GMT; 34min ago
       Docs: man:firewalld(1)
   Main PID: 1973 (firewalld)
      Tasks: 2 (limit: 4636)
     Memory: 25.1M
        CPU: 1.328s
     CGroup: /system.slice/firewalld.service
             └─1973 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

Feb 21 00:44:37 debian systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 21 00:44:38 debian systemd[1]: Started firewalld - dynamic firewall daemon.
Feb 21 00:44:38 debian firewalld[1973]: ERROR: INVALID_IPSET: sshguard4
Feb 21 00:44:38 debian firewalld[1973]: ERROR: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory


                                        JSON blob:
                                        {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [>
Feb 21 00:44:38 debian firewalld[1973]: ERROR: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory

                                        internal:0:0-0: Error: Could not process rule: No such file or directory


                                        JSON blob:
                                        {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [>



If I remove the sshguard4 & sshguard6 rich rules and reload firewalld,
then it's happy. The errors just reported in the status output all
disappear; the state switches to running; the temporary DLNA rule gets
successfully added. Re-adding the sshguard rules causes the problems to
reappear.

--- End Message ---
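
Added example (not part of the original report or of the sshguard/firewalld
packages): a check for the condition reported above, where a permanent rich
rule names an ipset that firewalld has no definition for and firewalld logs
INVALID_IPSET. The function names and SAMPLE_* values are constructed for
illustration; the log line is the one quoted in the report.

```shell
#!/bin/sh
# Added example; function names and SAMPLE_* data are constructed.

# Print each distinct ipset name referenced by rich rules read from stdin.
# Accepts both ipset=NAME (as typed) and ipset="NAME" (as firewalld lists it).
referenced_ipsets() {
    tr ' \t' '\n\n' | sed -n 's/^ipset="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' | sort -u
}

# missing_ipsets RULES DEFINED
# Print ipsets that RULES reference but that are absent from DEFINED
# (a whitespace-separated list of names).
missing_ipsets() {
    rules=$1
    defined=" $(printf '%s' "$2" | tr '\n\t' '  ') "
    printf '%s\n' "$rules" | referenced_ipsets | while IFS= read -r name; do
        [ -n "$name" ] || continue
        case $defined in
            *" $name "*) ;;                 # known to firewalld
            *) printf '%s\n' "$name" ;;     # referenced but undefined
        esac
    done
}

# Print ipset names that firewalld rejected, from journal lines on stdin.
journal_invalid_ipsets() {
    sed -n 's/.*ERROR: INVALID_IPSET: \([^[:space:]]*\).*/\1/p' | sort -u
}

# Constructed sample input: two sshguard rules, one unrelated rule,
# and a definition list that lacks sshguard4.
SAMPLE_RULES='rule source ipset="sshguard4" drop
rule source ipset="sshguard6" drop
rule family="ipv4" source address="192.0.2.0/24" accept'
SAMPLE_DEFINED='sshguard6 blocklist'
SAMPLE_LOG='Feb 21 00:44:38 debian firewalld[1973]: ERROR: INVALID_IPSET: sshguard4'

# Live use on a host running firewalld:
#   missing_ipsets "$(firewall-cmd --permanent --zone=public --list-rich-rules)" \
#                  "$(firewall-cmd --permanent --get-ipsets)"
#   journalctl -u firewalld -b | journal_invalid_ipsets
```

Running the first live command before `firewall-cmd --reload` shows which
rich rules would reference an undefined ipset; the second lists the names
firewalld has already rejected in the current boot.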
--- Begin Message ---
Source: sshguard
Source-Version: 2.4.2-1
Done: Julián Moreno Patiño <[email protected]>

We believe that the bug you reported is fixed in the latest version of
sshguard, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julián Moreno Patiño <[email protected]> (supplier of updated sshguard package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Nov 2021 16:55:33 -0500
Source: sshguard
Architecture: source
Version: 2.4.2-1
Distribution: unstable
Urgency: medium
Maintainer: Julián Moreno Patiño <[email protected]>
Changed-By: Julián Moreno Patiño <[email protected]>
Closes: 919525 930866 983203
Changes:
 sshguard (2.4.2-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #919525, #930866, #983203)
   * debian/copyright, Extend copyright holders years.
     + Update upstream copyright.
   * debian/compat, Remove file, using virtual package instead.
   * debian/rules, Install lib scripts in libexec.
     + Remove sed in conf file, Multiarch now is not necessary.
   * debian/upstream/metadata, Update upstream metadata.
   * debian/control, Add virtual package debhelper-compat 13.
     + Add Rules-Requires-Root to no.
     + Bump Standards-Version to 4.6.0.1 (no changes).
     + Add Pre-Depends field.
   * debian/sshguard.conf.linux, Adjust path to libexec.
   * debian/watch, Use version 4.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---