sshguard: do not create ipset in post-start

Upstream switched to a different type of ipset table, whereas we
create ipset in post-start which overrides upstream, and renders
sshguard ineffective.

Remove ipset creation from post-start, and let it get created automatically
by upstream script (sshg-fw-ipset) as part of startup
wip/yesman
Ashish SHUKLA 5 years ago
parent eb4e067686
commit d3c2b992d4
No known key found for this signature in database
GPG Key ID: C746CFA9E74FA4B0
      nixos/modules/services/security/sshguard.nix

@ -107,8 +107,6 @@ in {
path = with pkgs; [ iptables ipset iproute systemd ];
postStart = ''
${pkgs.ipset}/bin/ipset -quiet create -exist sshguard4 hash:ip family inet
${pkgs.ipset}/bin/ipset -quiet create -exist sshguard6 hash:ip family inet6
${pkgs.iptables}/bin/iptables -I INPUT -m set --match-set sshguard4 src -j DROP
${pkgs.iptables}/bin/ip6tables -I INPUT -m set --match-set sshguard6 src -j DROP
'';
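Review bot: The iptables and ip6tables `-I INPUT ... --match-set sshguard4/sshguard6` rules that remain in postStart now depend on sets that postStart no longer creates, so their success depends on sshg-fw-ipset having already created both sets by the time postStart runs. If a set is missing at that moment, the `--match-set` insert fails and no DROP rule is installed, which leaves sshguard as ineffective as before. Please either make the ordering explicit (insert the rules only once the sets exist) or add a comment stating why the sets are guaranteed to be present here, and note in that comment that the set type is owned by the upstream script so nobody reintroduces the `hash:ip` create calls.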
