Package: sshguard
Version: 1.0-2~bpo40+1
Severity: normal

Current implementation is based on:
1. add a chain named sshguard
2. redirect any request on tcp/22 from INPUT to this chain

If any other mechanism adds rules to INPUT, they will not apply for tcp/22.

Solution:
1. add a chain named sshguard
1b. add a default rule to sshguard to return:
    iptables -A sshguard -j RETURN
2. redirect any request on tcp/22 from INPUT to this chain
3. Change sshguard to insert new rules at the beginning of the chain and
   not at the end.

When receiving a tcp/22 packet, rules from sshguard and INPUT will BOTH be applied.

By the way, you can include in the package a file named
/etc/network/if-up.d/sshguard

    #!/bin/sh
    iptables -N sshguard
    iptables -A INPUT -p tcp --dport 22 -j sshguard
    iptables -A sshguard -j RETURN

and a similar /etc/network/if-down.d/sshguard to destroy the rules chain.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (100, 'oldstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-4-amd64
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages sshguard depends on:
ii  libc6  2.3.6.ds1-13etch7  GNU C Library: Shared libraries

sshguard recommends no packages.

-- no debconf information
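
The if-up/if-down pair suggested in the report, written out as an added example; it is not code from the report or from the sshguard package. The function names, the IPTABLES override and the up/down/block arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the package's script. IPTABLES is overridable (assumption)
# so the command sequence can be dry-run without root.
IPTABLES="${IPTABLES:-iptables}"
CHAIN=sshguard

sshguard_up() {
    # Create the chain once; a later ifup must not wipe blocks already in it.
    if ! $IPTABLES -L "$CHAIN" -n >/dev/null 2>&1; then
        $IPTABLES -N "$CHAIN"
        $IPTABLES -A "$CHAIN" -j RETURN
    fi
    # Remove a stale jump first so INPUT never holds the rule twice.
    $IPTABLES -D INPUT -p tcp --dport 22 -j "$CHAIN" 2>/dev/null || true
    $IPTABLES -A INPUT -p tcp --dport 22 -j "$CHAIN"
}

sshguard_block() {
    # Step 3 of the report: insert at position 1, ahead of the trailing RETURN.
    # A rule appended with -A would land after RETURN and never be evaluated.
    $IPTABLES -I "$CHAIN" 1 -s "$1" -j DROP
}

sshguard_down() {
    # Order matters: iptables refuses to delete a chain that is still
    # referenced from INPUT or that still contains rules.
    $IPTABLES -D INPUT -p tcp --dport 22 -j "$CHAIN" 2>/dev/null || true
    $IPTABLES -F "$CHAIN" 2>/dev/null || true
    $IPTABLES -X "$CHAIN" 2>/dev/null || true
}

# if-up.d would call this with "up", if-down.d with "down" (hypothetical wrapper).
case "${1:-}" in
    up)    sshguard_up ;;
    down)  sshguard_down ;;
    block) sshguard_block "$2" ;;
esac
```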