Search found 83 matches

by TimF
September 27th, 2019, 9:14 am
Forum: IPFire in General
Topic: IPS Blocking port forwarded ssh
Replies: 1
Views: 209

Re: IPS Blocking port forwarded ssh

Have you checked the IPS logs to see which rule is blocking the traffic? It's a bad idea to enable all the rules. Even if you just enable all the categories, there are rules that can block ordinary traffic. It also takes a lot of processor power to process the rules, so there's a chance you could be...
by TimF
August 20th, 2019, 7:13 pm
Forum: IPFire in General
Topic: Ipfblocklist (IP Blocklists for IPFire)
Replies: 16
Views: 2329

Re: Ipfblocklist (IP Blocklists for IPFire)

Hi,

I've just uploaded an uninstaller. It should work, but my ability to test it is limited at the moment.
by TimF
June 27th, 2019, 6:29 pm
Forum: IPFire in General
Topic: Intrusion Prevention System - core 131
Replies: 54
Views: 5260

Re: Intrusion Prevention System - core 131

Probably the ET hits were one of the IP Address blacklists. These packets are often port scans and would be blocked by the default input policy anyway. The lists are: BOTCC, CIARMY, COMPROMISED-IPS, DROP and DSHIELD. If any of these rules is hit it's because the IP Address is recognised as a potenti...
by TimF
June 27th, 2019, 6:20 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 79
Views: 7625

Re: Ipfstatusmail (Status emails for IPFire)

When I corrected the name of the plugin I forgot to change the MANIFEST file. I've fixed it now.

Thank you for reporting it.
by TimF
June 20th, 2019, 7:24 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 79
Views: 7625

Re: Ipfstatusmail (Status emails for IPFire)

Sorry, I've not had much available time over the last few weeks.

I've just uploaded an uninstaller, plus some minor bug fixes. You should be able to do:

Code: Select all

wget https://github.com/timfprogs/ipfstatusmail/raw/master/uninstall-statusmail.sh
chmod +x uninstall-statusmail.sh
./uninstall-statusmail.sh
by TimF
June 9th, 2019, 7:02 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 79
Views: 7625

Re: Ipfstatusmail (Status emails for IPFire)

It'll take a few days, but you should just be able to run the installer again to overwrite the old version. Unless, of course, you have other reasons to uninstall.
by TimF
June 7th, 2019, 7:43 pm
Forum: IPFire in General
Topic: DNS ?
Replies: 7
Views: 487

Re: DNS ?

IPFire often doesn't use the files in /etc; try under /var/ipfire. In this case /var/ipfire/ethernet/settings, but also /etc/ppp/resolv.conf . I'm not sure which file is used when.
by TimF
June 7th, 2019, 7:20 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 79
Views: 7625

Re: Ipfstatusmail (Status emails for IPFire)

I've uploaded an new version which can see imported keys that don't have an expiry data. it's also got a little bit more information when things go wrong. Just download and run the installer to get it. If you don't receive any emails the chain of evidence should be as follows: The link /etc/fcron.ho...
by TimF
June 6th, 2019, 8:07 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 79
Views: 7625

Re: Ipfstatusmail (Status emails for IPFire)

I don't know why it's stopped working for you, but I think I've identified why it's not seeing the key (no expiry date). I'll come up with a fix for it.
by TimF
June 6th, 2019, 7:45 pm
Forum: IPFire in General
Topic: Update Accelerator Cache Maintenance
Replies: 6
Views: 850

Re: Update Accelerator Cache Maintenance

There's a script here which may help:

viewtopic.php?f=50&t=12984&p=114556#p112760
by TimF
June 5th, 2019, 8:49 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 79
Views: 7625

Re: Ipfstatusmail (Status emails for IPFire)

Two answers. First , the PGP key expected is an ASCII armoured public key. It should look like: -----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFz4J/YBCAC/wzMkadGIDWctazpRLhNXBvQugAbsnBGJOy86rmibv1uP+Nwp txfXDxw19XDFouuhJTKjtQ+zjhP0a6dpN/QxfVlWjIsG0NQyckarxql0JylCN6UM MSOBwsjw0uvaja2vw5kOD59SVpF+rneJbmrvz...
by TimF
June 1st, 2019, 12:07 am
Forum: IPFire in General
Topic: apt-get update error with IPS Suricata
Replies: 3
Views: 375

Re: apt-get update error with IPS Suricata

I'm improving my understanding as well... The main category for the 'basic' rules is ET INFO, however there are some in ET POLICY as well, and there may well be a few elsewhere. I think that the difference is that the rules in ET INFO are really only useful as 'basic' rules - for setting flowbits us...
by TimF
May 31st, 2019, 7:42 pm
Forum: IPFire in General
Topic: apt-get update error with IPS Suricata
Replies: 3
Views: 375

Re: apt-get update error with IPS Suricata

I would suggest being very careful of rules in the 'Policy' category The rules here are for stopping applications that are not necessarily unsafe but which are not allowed by a company's policy, for example Facebook. While some rules are distributed as enabled by default, you need to go through the ...
by TimF
May 26th, 2019, 7:46 pm
Forum: IPFire in General
Topic: [Solved] timfprogs/ipfblocklist -- Safe, Pkts, Bytes
Replies: 5
Views: 397

Re: timfprogs/ipfblocklist -- Safe, Pkts, Bytes

It looks like they've changed the URLs. I've updated the sources file; you can re-install or just download the one file. It should work correctly at the next update without any further action. Note that the FEODO_BAD_IP list has gone and there's a new FEODO_AGGRESIVE list (which is a superset of the...
by TimF
May 24th, 2019, 3:18 pm
Forum: IPFire in General
Topic: [Solved] timfprogs/ipfblocklist -- Safe, Pkts, Bytes
Replies: 5
Views: 397

Re: timfprogs/ipfblocklist -- Safe, Pkts, Bytes

Pkts and Bytes are the number of Packets and Bytes dropped due to the blacklist. The higher the number, the more the blacklist is protecting you. Note that for the BOGON and TOR lists it's quite normal not to see any dropped packets - seeing dropped packets here may be an indication that you've got ...