On 26/11/25 19:46, William Kenworthy wrote:
On 26/11/25 18:30, Michael wrote:
On Tuesday, 25 November 2025 23:49:36 Greenwich Mean Time William Kenworthy wrote:
Hi all,
I've just had my Intel-based internet gateway hardware die so I have repurposed a spare odroid xu4 (arm32) and it's working except for psad.
When psad tries to ban an IP, it generates the following error:
Nov 26 07:35:03 moriah psad[4930]: could not add iptables block rule
for: <IP number>
I am using openrc with shorewall as the firewall (Internet on a USB NIC, and internal VLANs on the inbuilt one). "fail2ban" is also running and is successfully banning hits. I can't see that the psad chains are created (which is probably the source of the error message - from memory they are created on the first ban event (not sure?)). "psad", fail2ban etc. have always just worked in the past and I can't see what's wrong.
Any suggestions on where to look?
BillK
I have never used Shorewall to know what rules it adds by default, but you need a '-j LOG' for your INPUT and FORWARD chains before psad can work as expected.
Yes, that's all working as expected - it's the fact that psad fails to add the generated blocking rule (to DROP the packets) to the shorewall set. I copied both the shorewall and psad configurations from a backup of the old (working) machine with no change. It's something else that's missing - but what?
BillK
Turns out my failed attempt to use firewalld (unfortunately a 15m startup time for my overly complicated network is ridiculous!) was the cause. psad looks for firewalld and if it finds it (presumably installed) it will use it even if it's shorewall being used. There are override commands in the config file but I just uninstalled firewalld. Caught it on a "ps aux" command while looking for something else. Hope this helps someone else!
BillK
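The two checks this thread turned on (Michael's point that INPUT and FORWARD need a '-j LOG' rule before psad sees anything, and Bill's finding that a leftover firewalld install makes psad pick the wrong backend) can be scripted as a quick pre-flight check. The script below is an added example, not part of the thread and not psad's or Shorewall's own tooling. It parses iptables-save style output, so it runs offline against a constructed sample; on a live host you would feed it the output of `iptables-save`. The function names and the sample rules are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for a psad host
# running iptables/Shorewall. Input is iptables-save style text.

# Constructed sample: INPUT has a LOG rule, FORWARD does not. Replace with
# "$(iptables-save)" on a real gateway.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j LOG --log-prefix "IN-DROP: "
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# has_log_rule CHAIN RULES: succeed (0) if CHAIN carries a '-j LOG' rule,
# which is what psad needs in order to see the packets it analyses.
has_log_rule() {
    printf '%s\n' "$2" | grep -q -- "^-A $1 .*-j LOG"
}

# chain_exists CHAIN RULES: succeed if the chain is declared (":CHAIN ..." line).
# Use it with the names of the chains your psad configuration creates for blocks.
chain_exists() {
    printf '%s\n' "$2" | grep -q -- "^:$1 "
}

# firewalld_present: succeed if firewall-cmd is on PATH. The thread found that
# psad prefers firewalld whenever it is installed, even with Shorewall in use.
firewalld_present() {
    command -v firewall-cmd >/dev/null 2>&1
}

# check_psad_prereqs RULES: print findings; return the number of chains
# (INPUT, FORWARD) that lack a LOG rule, so 0 means the logging side is fine.
check_psad_prereqs() {
    missing=0
    for chain in INPUT FORWARD; do
        if has_log_rule "$chain" "$1"; then
            echo "ok: $chain has a -j LOG rule"
        else
            echo "missing: $chain has no -j LOG rule (psad will not see these packets)"
            missing=$((missing + 1))
        fi
    done
    if firewalld_present; then
        echo "note: firewall-cmd is on PATH; psad may select firewalld instead of the iptables/Shorewall rule set"
    fi
    return $missing
}

# Stand-alone run against the constructed sample.
check_psad_prereqs "$SAMPLE_RULES" || echo "psad prerequisites incomplete: $? chain(s) lack a LOG rule"
```

On the sample the script reports INPUT as fine and FORWARD as missing its LOG rule; the firewalld note only appears when firewall-cmd is actually installed, which is the condition Bill removed by uninstalling the package.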