author | Ashish SHUKLA <ashish.is@lostca.se> | 2019-07-27 10:59:50 +0530 |
---|---|---|
committer | Ashish SHUKLA <ashish.is@lostca.se> | 2019-07-27 10:59:50 +0530 |
commit | d3c2b992d4350d5ed36139eab8ac4c5349de5a64 (patch) | |
tree | e58c734349cac23881722db3966c66849a81439e | |
parent | eb4e067686d1121d2d4a3d7ac2ed080339125eeb (diff) | |
sshguard: do not create ipset in post-start
Upstream switched to a different type of ipset table, whereas we create ipset in post-start which overrides upstream, and renders sshguard ineffective. Remove ipset creation from post-start, and let it get created automatically by upstream script (sshg-fw-ipset) as part of startup
-rw-r--r-- | nixos/modules/services/security/sshguard.nix | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/nixos/modules/services/security/sshguard.nix b/nixos/modules/services/security/sshguard.nix index 3892cd5c72b..25cec5b5b10 100644 --- a/nixos/modules/services/security/sshguard.nix +++ b/nixos/modules/services/security/sshguard.nix @@ -107,8 +107,6 @@ in { path = with pkgs; [ iptables ipset iproute systemd ]; postStart = '' - ${pkgs.ipset}/bin/ipset -quiet create -exist sshguard4 hash:ip family inet - ${pkgs.ipset}/bin/ipset -quiet create -exist sshguard6 hash:ip family inet6 ${pkgs.iptables}/bin/iptables -I INPUT -m set --match-set sshguard4 src -j DROP ${pkgs.iptables}/bin/ip6tables -I INPUT -m set --match-set sshguard6 src -j DROP ''; |
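Review bot: the two rules left in postStart, `iptables -I INPUT -m set --match-set sshguard4 src -j DROP` and its ip6tables counterpart, now rely on sshg-fw-ipset having already created sshguard4 and sshguard6 by the time postStart runs, and nothing in this hunk guarantees that ordering. iptables rejects a `--match-set` rule when the named set does not exist, so if postStart runs before the upstream script has created the sets, the DROP rules are never installed and sshguard remains ineffective, which is the failure this commit is meant to fix. Please confirm that postStart only runs after the backend has created both sets, or make postStart wait for the sets to appear before inserting the rules. A short comment above postStart saying that the sets are owned by sshg-fw-ipset would also keep someone from re-adding the `ipset create` lines later.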