SSH lockout table - Bogons IPv6 table too large and blocks firewall re-loading (and upon reboot) locks up all LAN traffic to internet
The firewall rules do not load, due to the SSH 'lockout table' complaining that there are too many bogonsv6 entries from /etc/bogonsv6 to load into a list/array, leading to the firewall not coming online when the FW starts up; the device is non-functional as a result.
There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: too many elements. - The line in question reads: table <bogonsv6> persist file "/etc/bogonsv6"
#SSH Lockout Table
table <sshguard> persist
table <bogons> persist file "/etc/bogons"
table <bogonsv6> persist file "/etc/bogonsv6" (LINE 19)
My /etc/bogonsv6 - it has 113k entries in it.
I had to cut the bogonsv6 file down to a small number of entries, e.g. as seen, to bring the traffic management online.
- last updated 1598935801 (Tue Sep 1 04:50:01 2020 GMT)
Frankly, I don't want 133k IPv6 FW rules for ssh -- it's not practical to manage security and network ingress that way, and well, I also notice the sshd is bound to ALL interfaces, which is a security problem to have it openly listen to the internet in this new release.
The proper way to design this: SSH should be able to be bound to ONLY the internal interfaces, like the DNS resolver!!!!!
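An added pre-load check for this class of failure (example code, not part of the issue or of pfSense): it counts the entries that each `persist file` table in a rules file would load and compares the total with a pf table-entries limit, so an oversized bogons list is caught before `pfctl` refuses the whole ruleset. The limit value is an assumption passed by the caller, and the sample files are constructed stand-ins, as marked in the comments.

```shell
#!/bin/sh
# Added example, not from the pfSense issue or its code: count the entries that
# "table <name> persist file ..." would load from each file named in a rules
# file and compare the total with a pf table-entries limit. The limit value is
# an assumption passed by the caller; on a live box "pfctl -sm" reports the
# "table-entries hard limit" in force.

# Entries in one pf table file: blank lines and '#' comment lines are ignored,
# matching the table file format pf reads.
count_table_entries() {
    grep -v '^[[:space:]]*#' "$1" | grep -c '[^[:space:]]' || true
}

# Sum the entries of every file referenced by a 'persist file "..."' table line
# in $1 and report "<total> <limit> ok|exceeds"; exit status 0 only if it fits.
check_table_files() {
    rules="$1"; limit="$2"; total=0
    for f in $(sed -n 's/.*persist[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$rules"); do
        n=$(count_table_entries "$f")
        total=$((total + n))
    done
    if [ "$total" -le "$limit" ]; then
        echo "$total $limit ok"; return 0
    fi
    echo "$total $limit exceeds"; return 1
}

# Constructed sample: tiny stand-ins for /etc/bogons, /etc/bogonsv6 and the
# rules.debug lines quoted in the report (the real bogonsv6 list has ~113k entries).
make_sample() {
    dir=$(mktemp -d)
    printf '# last updated 1598935801\n::/8\n100::/8\n\n2001:db8::/32\n' > "$dir/bogonsv6"
    printf '0.0.0.0/8\n10.0.0.0/8\n' > "$dir/bogons"
    printf 'table <sshguard> persist\ntable <bogons> persist file "%s"\ntable <bogonsv6> persist file "%s"\n' \
        "$dir/bogons" "$dir/bogonsv6" > "$dir/rules.debug"
    echo "$dir"
}

# Demo: PF_TABLE_LIMIT defaults to 200000, pf's default table-entries limit.
sample=$(make_sample)
check_table_files "$sample/rules.debug" "${PF_TABLE_LIMIT:-200000}"
```

Run it against the real /tmp/rules.debug with the limit from `pfctl -sm` to see whether a refreshed bogons list will fit before the next rules reload.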
Updated by Jim Pingle over 1 year ago
- Category set to Rules / NAT
- Status changed from New to Duplicate
- Priority changed from Urgent to Normal
- Target version deleted (
It is the same as the other issue. It has nothing to do with bogons or sshguard themselves, so suggestions about those are not relevant to the other issue.