Search found 433 matches

by twilson
May 19th, 2017, 12:56 pm
Forum: IPFire in General
Topic: Brief report on IPFire by SANS ISC
Replies: 1
Views: 370

Brief report on IPFire by SANS ISC

Hello all, just saw that someone at the SANS ISC wrote a brief report on IPFire. It concludes that the firewall distribution is suitable for home use. https://dshield.org/forums/diary/IPFire+A+Household+Multipurpose+Security+Gateway/22254/ Just thought someone might want to know... Maybe we can set ...
by twilson
April 13th, 2017, 8:18 am
Forum: IPFire in General
Topic: Firewall Default Zone RuleSet
Replies: 5
Views: 828

Re: Firewall Default Zone RuleSet

Hello,

whoof, is IPFire able to handle VLANs at all? ???

Since I have absolutely no experience with this (we use physical isolated networks in my company), I'm afraid I cannot help.

Best regards,
Timmothy Wilson
by twilson
April 13th, 2017, 8:16 am
Forum: Konfiguration
Topic: "local recursor" lässt sich nur durch manuelle Eingabe von google-DNS beheben
Replies: 15
Views: 1827

Re: "local recursor" lässt sich nur durch manuelle Eingabe von google-DNS beheben

Hallo, soweit ich das überblicke, haben verschiedene Leute seit der Umstellung auf "unbound" Probleme mit dem DNS. Wenn es geht, würde ich das nächste Release abwarten, da hat sich m.E. ein bisschen was getan. Erfahrungen mit RED an DHCP habe ich leider (?) gar keine, hier sollte man mal nen Bugrepo...
by twilson
April 13th, 2017, 8:10 am
Forum: Addons allgemein
Topic: IDS Problem CPU Auslastung [Core 108]
Replies: 11
Views: 1550

Re: IDS Problem CPU Auslastung [Core 108]

Hallo, bei mir haben irgendwann mal die "bottcc-portgrouped"-Regeln für Probleme gesorgt. Allerdings läuft die Einbruchsdetektierung auf ARM-Boards sowieso mehr schlecht als recht, insofern weiß ich nicht, wie aussagekräftig das ist. Falls es was nützt, kann ich noch die Seite empfehlen: http://doc....
by twilson
April 13th, 2017, 8:07 am
Forum: IPFire in General
Topic: nsupdate.info issue with Core 109
Replies: 5
Views: 797

Re: nsupdate.info issue with Core 109

Hello, as far as I'm concerned, there is no management console. The DynDNS free plan just offers a free A/AAAA-record (IPv4/IPv6), so there is no need for it. Updates are performed via a Web-API. Management operations such as "disable account" or "change mail address" would be nice, however, it seem...
by twilson
February 28th, 2017, 7:10 pm
Forum: Addons
Topic: GUARDIAN : Block internet IP when snort rule is triggered by outbound rule
Replies: 3
Views: 1018

Re: GUARDIAN : Block internet IP when snort rule is triggered by outbound rule

Hello Vincent, you're right, sorry for the misunderstanding. I have exactly the same question (and don't know a solution to it), perhaps it might be a good idea to file a bug report about this. The IP address 208.91.196.46 seems to be a very well known one: https://cymon.io/208.91.196.46 It is locat...
by twilson
February 28th, 2017, 4:13 pm
Forum: IPFire in General
Topic: nsupdate.info issue with Core 109
Replies: 5
Views: 797

Re: nsupdate.info issue with Core 109

You're welcome.

In the wiki page for the DynDNS provider settings, I added a note about problems with nsupdate.info. Hopefully this might help other users, too.

Best regards,
Timmothy Wilson
by twilson
February 28th, 2017, 4:12 pm
Forum: Addons allgemein
Topic: IDS Problem CPU Auslastung [Core 108]
Replies: 11
Views: 1550

Re: IDS Problem CPU Auslastung [Core 108]

Hallo iSit, dann konzentrieren wir uns doch mal auf Green. (1) In deinem ersten Post schriebst du "manchmal". Geht das ein bisschen genauer? Kannst du die hohe Last provozieren, z.B. indem du auf den Clients Updates einspielst? (2) Was machen die Clients eigentlich? (Netzwerkverkehr, Anwendungen, et...
by twilson
February 28th, 2017, 10:52 am
Forum: Konfiguration
Topic: Snort GUI
Replies: 1
Views: 481

Re: Snort GUI

Hallo, sorry für die späte Antwort. Ich verstehe deine Frage nicht ganz. Soweit ich weiß, gibt es im WebIF eine Seite für das Einrichten von Snort (eine mäßige bis saumäßige Doku findest du hier: http://wiki.ipfire.org/en/configuration/services/ids ). Seit dem Versionssprung auf 2.0 ist die Konfigur...
by twilson
February 28th, 2017, 10:42 am
Forum: Addons allgemein
Topic: IDS Problem CPU Auslastung [Core 108]
Replies: 11
Views: 1550

Re: IDS Problem CPU Auslastung [Core 108]

Hallo, hm, so eine Lastspitze kann an vielem liegen. Wenn snort beispielsweise gerade mit Attacken aus dem Internet zu kämpfen hat, nützt es wenig, wenn die paar Geräte in BLUE/GREEN offline gegangen sind. Sind die IDS-Regeln aktuell? Manchmal schleichen sich da beim Entwicklungsprozess Fehler ein. ...
by twilson
February 28th, 2017, 10:40 am
Forum: Addons
Topic: Guardian ban - permanent
Replies: 7
Views: 1363

Re: Guardian ban - permanent

Hello, how many IP addresses do you want to block permanently? Which ones are they? One solution might be: (a) Set up a new host group containing all the IP addresses you want to block. (b) Create a new firewall rule with Source = The group you created in the first step, Destination = Any, Protocol ...
by twilson
February 28th, 2017, 10:35 am
Forum: IPFire in General
Topic: Update 109 process
Replies: 7
Views: 997

Re: Update 109 process

Hello H&M,

sometimes the IPFire mirrors need a day or so until they have synched their files with the main download site. If it does not work, just try it a few hours or a day later.

The list of mirrors, by the way, is available here: http://mirrors.ipfire.org/

Best regards,
Timmothy Wilson
by twilson
February 28th, 2017, 10:30 am
Forum: Konfiguration
Topic: "local recursor" lässt sich nur durch manuelle Eingabe von google-DNS beheben
Replies: 15
Views: 1827

Re: "local recursor" lässt sich nur durch manuelle Eingabe von google-DNS beheben

Hallo zusammen, Die Server vom CCC kommen und gehen ziemlich häufig daher sind die eher nicht zu gebrauchen... das kann ich hier zumindest für die IP 194.150.168.168 nicht bestätigen, der funktioniert einwandfrei, und das schon seit zwei Jahren. Auf dem Git-Server findet sich aber ein interessanter ...
by twilson
February 28th, 2017, 10:22 am
Forum: IPFire in General
Topic: Firewall Default Zone RuleSet
Replies: 5
Views: 828

Re: Firewall Default Zone RuleSet

Hello, sorry for the late reply. :) Changing the "firewall default policy" as described in the Wiki ( http://wiki.ipfire.org/en/configuration/firewall/default-policy ) is basically possible. For example, if you want to allow network traffic from Blue to Green, set up a new firewall rule: Source: BLU...
by twilson
February 28th, 2017, 10:12 am
Forum: IPFire in General
Topic: nsupdate.info issue with Core 109
Replies: 5
Views: 797

Re: nsupdate.info issue with Core 109

Hello Roberto, the issue you described seems to be independent from the Core Update level, since it occurred to me several times with Core 100 and 103. The provider, nsupdate.info, requires its customers not to send updates if the IP address hasn't changed. Unfortunaly, the DynDNS updating program s...