Search found 4199 matches

by MichaelTremer
May 20th, 2019, 9:06 am
Forum: IPFire in General
Topic: Upgraded to Core 131 - can't enable IPS
Replies: 5
Views: 304

Re: Upgraded to Core 131 - can't enable IPS

Thanks, you were right! I have no idea why the Enable and Monitor checkboxes do not appear until after you save a Ruleset! To me that is completely counter-intuitive. Hey, yes, we have figured that out in the development process, but it was too late to hold the release for this. I hope that we will...
by MichaelTremer
May 11th, 2019, 12:54 pm
Forum: Konfiguration
Topic: 2.23 Core131 Testing
Replies: 28
Views: 706

Re: 2.23 Core131 Testing

DJ-Melo wrote:
May 11th, 2019, 12:52 pm
Mit der Mini-Aplliance Full-Speed! Top in Hard- und Software!
;D
by MichaelTremer
May 3rd, 2019, 8:18 am
Forum: Development
Topic: Different script for mobile vpn (.ovpn creation).
Replies: 4
Views: 711

Re: Different script for mobile vpn (.ovpn creation).

xeonium wrote:
May 2nd, 2019, 12:43 pm
Thats right but exporting/saving of 'insecure client package' only works without password, isn't it?
viewtopic.php?f=50&t=17011&hilit=insecu ... e&start=15
Yes, the PEM format does not support any password-protected containers.
by MichaelTremer
May 1st, 2019, 9:40 am
Forum: Konfiguration
Topic: 2.23 Core131 Testing
Replies: 28
Views: 706

Re: 2.23 Core131 Testing

Virtualisiert ist ipfire mit Virtualbox siehe Profillink verbaut ist https://www.supermicro.com/products/motherboard/Atom/X10/A1SRi-2558F.cfm Das mit der Virtualisierung habe ich übersehen. Die haut ganz besonders rein und reduziert den Durchsatz auf sowas wie ein drittel oder viertel. Genau hab ic...
by MichaelTremer
May 1st, 2019, 9:35 am
Forum: IPFire in General
Topic: Help in setting up IPSec with Amazon VPC
Replies: 2
Views: 657

Re: Help in setting up IPSec with Amazon VPC

Hey, are you talking about the VPN service that is built into AWS? Or do you have an IPFire instance running there. The "invalid argument" is coming from the IP address at the top of the page not being the one that is configured on the RED interface. It will have to be the one that is assigned to th...
by MichaelTremer
May 1st, 2019, 9:33 am
Forum: Generelle Fragen
Topic: Für neue Features Donaten?
Replies: 6
Views: 246

Re: Für neue Features Donaten?

Hi, naja, einmal spenden kannst du da ja auch immer noch :) Aber PayPal ist nicht besonders Datenschutzfreundlich und greift recht hohe Gebühren ab. Und es wäre natürlich schön, wenn so viel von der Spende beim Projekt ankommt wie möglich. Und rosig sieht es derzeit bei wenigen Open Source Projekten...
by MichaelTremer
April 30th, 2019, 5:39 pm
Forum: Konfiguration
Topic: 2.23 Core131 Testing
Replies: 28
Views: 706

Re: 2.23 Core131 Testing

Danke Michael, ich nutze allerdings keine Apu sondern das System wie oben beschrieben. Das mit dem I 7 war mit Fleiß übertrieben dennoch schade dass man jetzt was dedenzietes für 300€ braucht was vorher mit 4 vms auf einem Blech lief. Vorher hattest du *kein IPS*. Es lief auch vorher nicht schnelle...
by MichaelTremer
April 30th, 2019, 4:53 pm
Forum: Konfiguration
Topic: 2.23 Core131 Testing
Replies: 28
Views: 706

Re: 2.23 Core131 Testing

Ich hab der Fire 16 GB Ram verpasst und die Regeln nochmal überarbeitet aber mehr als gute 100 mbit sind nicht drin schade. Ich glaube ich werde euch noch mal einen kleinen Blogpost oder etwas in der Art schreiben mit dem Hintergrund warum ein IPS so funktioniert wie es funktioniert. Aber bezüglich...
by MichaelTremer
April 30th, 2019, 4:43 pm
Forum: Generelle Fragen
Topic: Für neue Features Donaten?
Replies: 6
Views: 246

Re: Für neue Features Donaten?

Hallo, das war die IPFire-Wishlist - unser Crowdfunding-Portal, das wir leider aufgegeben haben. Crowdfunding steckt eigentlich ziemlich in der Krise - aus meiner Sicht. Projekte mit einem guten PR-Team bekommen damit noch etwas hin, aber die eingenommenen Erlöse gehen dann meist auch direkt komplet...
by MichaelTremer
April 29th, 2019, 1:16 pm
Forum: IPFire in General
Topic: Is it possible to disable DNSSEC?
Replies: 52
Views: 6237

Re: Is it possible to disable DNSSEC?

tikok974 wrote:
April 29th, 2019, 1:05 pm
What I expected were proposals for solutions. If you have to pay for it then ok...make me an offer that I will submit to my director...but please...stop your false insinuations !
Paid or not, I won't build a switch that allows to globally disable DNSSEC.
by MichaelTremer
April 29th, 2019, 9:30 am
Forum: Generelle Fragen
Topic: OT: Erreichbarkeit des Forums
Replies: 32
Views: 1384

Re: OT: Erreichbarkeit des Forums

Einfach so:

Code: Select all

dig +trace forum.ipfire.org @a.b.c.d
a.b.c.d ist dann die IP-Addresse von deinem Resolver.
by MichaelTremer
April 28th, 2019, 2:45 pm
Forum: Addons
Topic: Suricata much worse than guardian?.
Replies: 42
Views: 1087

Re: Suricata much worse than guardian?.

Snort will just pass packets even if they are malicious. Also it will only use one core and might not scan 100% of the traffic.

I understand your worry and as I said we are working on performance improvements but the IPS is doing a lot of work and that needs CPU cycles.
by MichaelTremer
April 28th, 2019, 1:51 pm
Forum: Addons
Topic: Suricata much worse than guardian?.
Replies: 42
Views: 1087

Re: Suricata much worse than guardian?.

You cannot have had it enabled before. Snort was a lot slower than suricata is. So yeah... if your hardware is quite slow you cannot run the IPS. But the requirements for that haven’t changed.
by MichaelTremer
April 28th, 2019, 11:32 am
Forum: Addons
Topic: Suricata much worse than guardian?.
Replies: 42
Views: 1087

Re: Suricata much worse than guardian?.

It definitely will. It would be nice if we could collect some benchmarks on the wiki so that people who buy hardware can buy the right size.
by MichaelTremer
April 26th, 2019, 4:48 pm
Forum: Addons
Topic: Suricata much worse than guardian?.
Replies: 42
Views: 1087

Re: Suricata much worse than guardian?.

DJ-Melo wrote:
April 26th, 2019, 3:57 pm
That meens we don't Need Guardian anymore?
No, it only stops SSH brute-force attacks on the firewall itself. Suricata also has rules for that.
DJ-Melo wrote:
April 26th, 2019, 4:00 pm
Which rule set is recommended? For beginning?
https://wiki.ipfire.org/configuration/f ... s/rulesets