I’ve been getting familiar with Shorewall since last fall, and quite like it. I also use sshguard to prevent incessent knocking on SSH and FTP ports. Or I thought I was using sshguard, after all, it was running. Then I realized that I had set up and tested sshguard way before I started using Shorewall, and as my understanding of how Shorewall functions gradually incrased, it eventually occurred to me that Shorewall likely overwrites the ‘placeholder’ chain sshguard needs to function.
I was looking for an easy way to view and occasionally delete sshguard rules, and came across Mika’s post that outlined two handy command line aliases that accomplish just that. While starting to test these, I noticed the ‘sshguard’ chain was nowhere to be found.
My first attempt was to load the sshguard chain with iptables-restore in pre-up, but that disabled the entire network! 😀 I suppose sshguard chain needs to come after Shorewall chains/rules have been initialized. While I’m not sure if this is the best way to get it working, this does work: I added two lines from sshguard sample ruleset in /etc/rc.local:
iptables -N sshguard
iptables -A INPUT -j sshguard