sshguard was tking several minutes to start up, and on running in debug mode, I noticed a slow processing of reverse lookups as "iptables -L" was run. If the iptables initialization command is changed to "iptables -n -L sshguard", there are two benefits. Initialization is a snap, and there is a check for the necessary "sshguard" chain in the iptables ruleset. That second benefit might help users who thing they have sshguard setup (it starts okay), only to run into an error when sshguard detects an action-worthy incident.
You really ought to report this upstream.
(In reply to Jeroen Roovers from comment #1) > You really ought to report this upstream. I did, but not via sourceforge. The report was submitted via http://www.sshguard.net/ I'll visit the sourceforge link next.
(In reply to c.cboldt from comment #2) > (In reply to Jeroen Roovers from comment #1) > > You really ought to report this upstream. > > I did, but not via sourceforge. The report was submitted via > http://www.sshguard.net/ I looked in vain for a way to communicate it through there. > I'll visit the sourceforge link next. I doubt it is needed, then.
Created attachment 381182 [details, diff] Speed iptables initialization; catch addition sshd intrusion attempts Patch the iptables initialization command to `iptables -n -L sshguard` Patch one of the regex strings to catch both ... Failed password for root from 60.173.26.53 port 2944 ssh2 Failed password for invalid user root from 60.173.26.53 port 2944 ssh2
(In reply to Jeroen Roovers from comment #3) > (In reply to c.cboldt from comment #2) > > (In reply to Jeroen Roovers from comment #1) > > > You really ought to report this upstream. > > > > I did, but not via sourceforge. The report was submitted via > > http://www.sshguard.net/ > > I looked in vain for a way to communicate it through there. > > > I'll visit the sourceforge link next. > > I doubt it is needed, then. Belt and suspenders. I don't know which entity is more responsive. I also had an issue with the regex for sshd (as you'll see from the patch). The sshguard.net site has a place to provide suggestions for new regex's. I used that to suggest the change to the iptables initialization command. A bug report has been dropped at sourceforge as well. I have no problem with this bug being closed, particularly if there is no intention to fix it from the distribution side. I've taken care of the issues for my purposes, with the patch and a local ebuild.
I support closing this bug. I've likewise taken care of the issues for my purposes. In my case, by abandoning sshguard and composing a homebrew dynamic firewall. There is no sense to leave this open as a Gentoo bug.