forum.ipfire.org

Curious about net setup up for Pi-Hole. Can I hang the RP/Pi-Hole box off my green net with a fixed address and then assign my IPFire DNS Server Address to be the Pi-Hole?

A sweet bit of hacking there, H&M
Any chance this capability would make it into IPFire 2.x in the next few months?

-cb

I recently noticed a disturbing packet dropped by timfprogs/blocklist tool for the TOR_ALL list. I use OpenVPN to access Green from Blue. The blocked packet was targeting my OpenVPN Tun0 address 10.42.241.14 port 123 (NTP). What disturbs me is the idea that some external entity could be aware of the...

Hi TimF, The block-lists for FEODO_BAD_IP and FEODO_IP get errors after downloading and do not load any entries in 'ipset' The errors consist of a long list of: Use of uninitialized value $address in pattern match (m//) at /usr/local/bin/blocklist.pl line 634, <LIST> line 152. Use of uninitialized v...

TimF,

Wow, thanks for the comprehensive reply

-cbrown

Okay, after a reboot I see counts increasing for pkts and bytes for CIARMY – along with DROP_CIARMY entries in Firewall log. I was confused earlier by the blanks showing earlier ( blanks not even zeroes ) for CIARMY in the image above. I’m still unclear on the meaning of Safe I suppose this topic wo...

TimF, My simple cave-man brain is having trouble making sense out of the columns for Safe, Pkts, Bytes. Could you point me to something that explains what the corresponding values mean? Safe -- Safe to block? Pkts -- Packets blocked? Bytes -- Bytes blocked? CIARMY seems to have the highest volume of...

I just did a manual rule update with 'update-ids-ruleset' then checked 'System Logs->Intrusion Prevention'. The log shows: [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/surica ta/whitelist.rules I then ran a manual update for timfprogs/ipfblocklist. The blocklist update f...

FWIW, the whitelisted host is the repository for “The CINS Army List” used by the timfprogs/ipfblocklist feature. So, the traffic getting blocked is coming from my IPFire box going to the whitelisted host. Again, this seems to work fine for several hours – with the whitelisted site being successfull...

It seems that at least one of the entries I have in "Intrusion Prevention System->Whitelisted Hosts" stops getting whitelisted after some period of time. Over the course of several hours of running without issue, the rule that blocks this address starts blocking it again. I will continue to monitor ...

I whitelisted the address.

thx

The target site appears to be the repository for "The CINS Army List" timfprogs/ipfblocklist feature.

TimF: if I'm wrong here, please reply.

thx

Whenever Suricata reloads rules, I see this error on the log: [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/surica ta/whitelist.rules I thought that perhaps it would go away if I were to add a few entries to “Whitelisted Hosts”. However, that made no difference, the “no w...

Hi ummeegge,

Yes, I see the IPS events when rules fire in "IPS Logs".
I was looking for other things like when Suricata is starting, stopping, updating rules, etc.

cbrown