dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

sshguard: do not create ipset in post-start

Browse Source 
Upstream switched to a different type of ipset table, whereas we
create ipset in post-start which overrides upstream, and renders
sshguard ineffective.

Remove ipset creation from post-start, and let it get automatically
by upstream script (sshg-fw-ipset) as part of startup
This commit is contained in:
Ashish SHUKLA 2019-07-27 10:59:50 +05:30
parent eb4e067686
commit d3c2b992d4
No known key found for this signature in database
GPG Key ID: C746CFA9E74FA4B0
1 changed files with 0 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/security/sshguard.nix
View File

@ -107,8 +107,6 @@ in {
path = with pkgs; [ iptables ipset iproute systemd ];
postStart = ''
${pkgs.ipset}/bin/ipset -quiet create -exist sshguard4 hash:ip family inet
${pkgs.ipset}/bin/ipset -quiet create -exist sshguard6 hash:ip family inet6
${pkgs.iptables}/bin/iptables -I INPUT -m set --match-set sshguard4 src -j DROP
${pkgs.iptables}/bin/ip6tables -I INPUT -m set --match-set sshguard6 src -j DROP
'';