Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 16144baa1eca
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: aeeb30a3b298
Choose a head ref
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on Jul 28, 2019

  1. sshguard: do not create ipset in post-start [backport #65453] 

    Upstream switched to a different type of ipset table, whereas we
create ipset in post-start which overrides upstream, and renders
sshguard ineffective.

Remove ipset creation from post-start, and let it get automatically
by upstream script (sshg-fw-ipset) as part of startup
    @wahjava @edef1c
    wahjava authored and edef1c committed Jul 28, 2019

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    aeeb30a View commit details
Showing with 0 additions and 2 deletions.
  1. +0 −2 nixos/modules/services/security/sshguard.nix
2 changes: 0 additions & 2 deletions nixos/modules/services/security/sshguard.nix
View file
Original file line number Diff line number Diff line change
@@ -107,8 +107,6 @@ in {
path = with pkgs; [ iptables ipset iproute systemd ];

postStart = ''
${pkgs.ipset}/bin/ipset -quiet create -exist sshguard4 hash:ip family inet
${pkgs.ipset}/bin/ipset -quiet create -exist sshguard6 hash:ip family inet6
${pkgs.iptables}/bin/iptables -I INPUT -m set --match-set sshguard4 src -j DROP
${pkgs.iptables}/bin/ip6tables -I INPUT -m set --match-set sshguard6 src -j DROP
'';