Package: sshguard
Version: 1.0-2~bpo40+1
Severity: normal

Current implementation is based on:
1. add a chain named sshguard
2. redirect any request on tcp/22 from INPUT to this chain

If any other mechanism adds rules to INPUT, they will not apply for tcp/22

Solution:

1. add a chain named sshguard
1b. add a default rule to sshguard to return:
        iptables -A sshguard -j RETURN
2. redirect any request on tcp/22 from INPUT to this chain
3. Change sshguard to insert new rules at the beginning of the chain and not
   at the end.

When receiving a tcp/22 packet, rules from sshguard and INPUT will BOTH be
applied.

By the way, you can include in the package a file named
/etc/network/if-up.d/sshguard
        #!/bin/sh
        iptables -N sshguard
        iptables -A INPUT -p tcp --dport 22 -j sshguard
        iptables -A sshguard -j RETURN

and a similar /etc/network/if-down.d/sshguard to destroy rules chain.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (100, 'oldstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-4-amd64
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages sshguard depends on:
ii  libc6                  2.3.6.ds1-13etch7 GNU C Library: Shared libraries

sshguard recommends no packages.

-- no debconf information
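
The if-up.d / if-down.d pair suggested in the report, written as one idempotent script with the "insert at the beginning" step included; this is an added example, not code from the report or from the sshguard package. The up/down/block arguments, the IPT variable and the function names are assumptions of the example, and it assumes an iptables that supports -C (--check).

```shell
#!/bin/sh
# Added example (not part of the sshguard package).
# IPT is an assumption: it lets the iptables command be replaced by a wrapper.
IPT=${IPT:-iptables}
CHAIN=sshguard
PORT=22

# if-up.d side: create the chain, end it with RETURN and hook it from INPUT.
# Every step is checked first, so repeated ifup runs do not stack duplicates.
sshguard_up() {
    $IPT -N "$CHAIN" 2>/dev/null || true    # the chain may already exist
    $IPT -C "$CHAIN" -j RETURN 2>/dev/null ||
        $IPT -A "$CHAIN" -j RETURN
    $IPT -C INPUT -p tcp --dport "$PORT" -j "$CHAIN" 2>/dev/null ||
        $IPT -A INPUT -p tcp --dport "$PORT" -j "$CHAIN"
}

# Step 3 of the report: block rules are inserted at position 1, ahead of the
# trailing RETURN. A rule appended after RETURN would never be evaluated.
sshguard_block() {
    $IPT -C "$CHAIN" -s "$1" -j DROP 2>/dev/null ||
        $IPT -I "$CHAIN" 1 -s "$1" -j DROP
}

# if-down.d side: remove every jump from INPUT first (a chain that is still
# referenced cannot be deleted), then flush and delete the chain.
sshguard_down() {
    while $IPT -D INPUT -p tcp --dport "$PORT" -j "$CHAIN" 2>/dev/null; do
        :
    done
    $IPT -F "$CHAIN" 2>/dev/null || true
    $IPT -X "$CHAIN" 2>/dev/null || true
}

# Hypothetical dispatch: "up" from if-up.d, "down" from if-down.d.
case "${1:-}" in
    up)    sshguard_up ;;
    down)  sshguard_down ;;
    block) sshguard_block "$2" ;;
esac
```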


