Search found 375 matches

by dnl
July 2nd, 2019, 10:48 am
Forum: IPFire in General
Topic: Intrusion Prevention System - core 131
Replies: 54
Views: 6891

Re: Intrusion Prevention System - core 131

Not at all. The traffic toward the internal network is close to zero: besides VPN there are no other ports allowed toward IPFire or any other machine in the LAN. The 3 countries allowed are those where I live or travel frequently, so I need to be able to reach my home network while traveling. There really n...
by dnl
July 2nd, 2019, 7:27 am
Forum: IPFire in General
Topic: Not resolving domains
Replies: 18
Views: 1589

Re: Not resolving domains

I stopped using my IPFire firewall for DNS many years ago after they made a change that broke my host file I was using to block ads, malware, etc... My IPFire points to "the google" DNS servers. My IPFire's DHCP gives out one internal DNS server address, which is an internal (green side) rpi running...
by dnl
June 30th, 2019, 11:51 am
Forum: IPFire in General
Topic: IPoE
Replies: 3
Views: 381

IPoE

Hi all, My ISP suggests using IPoE with no VLAN ID. (I assume this means the default VLAN ID is needed?) I must use their modem, which supports bridging, so how do I configure IPFire? (The "VDSL" setting doesn't quite seem right) I've found a few different references to IPoE in these forums but didn...
by dnl
June 30th, 2019, 10:03 am
Forum: IPFire in General
Topic: Intrusion Prevention System - core 131
Replies: 54
Views: 6891

Re: Intrusion Prevention System - core 131

Last thing: I have a big GeoIP filtering in place - less than 3 countries allowed in. So IPS gets a small number of packets; the vast majority are blocked by the GeoIP chain. This chain stops all netscan attempts from so many entities that do that regularly... Wow, I block a lot of countries and have seen...
by dnl
June 30th, 2019, 10:01 am
Forum: IPFire in General
Topic: IPS: Who chooses the default enabled rules in a ruleset?
Replies: 6
Views: 907

Re: IPS: Who chooses the default enabled rules in a ruleset?

It comes from the provider. The defaults are already enabled in the rule files and the others are included as comments. Thanks Arne! I've been able to confirm that. I checked the ruleset provider's rule changes. They had added a new rule to a category in which I had previously disabled a rule. The ...
by dnl
June 30th, 2019, 9:57 am
Forum: Development
Topic: unbound - DoT
Replies: 87
Views: 15055

Re: unbound - DoT

Hi ummeegge,
Thanks for all your great work adding features to IPFire!

Do you think this DoT "DNS Privacy" support will be included in IPFire by default any time soon?
I appreciate the amount of effort you've done to investigate this.
by dnl
June 9th, 2019, 10:21 am
Forum: IPFire in General
Topic: Update 132 breaks DNS blocking
Replies: 15
Views: 2123

Re: Update 132 breaks DNS blocking

As an aside, I'm currently using DoT with Cloudflare (1.1.1.1) on my mobile device outside of my home network, but using plaintext DNS inside as I use a Pi-hole for Ad Blocking. The Pi-hole software is excellent for seamlessly improving privacy and it's very easy to use. I'll have to investigate if ...
by dnl
June 9th, 2019, 10:12 am
Forum: IPFire in General
Topic: Update 132 breaks DNS blocking
Replies: 15
Views: 2123

Re: Update 132 breaks DNS blocking

Thanks Matthias. The old instructions in the wiki didn't address "Private DNS" in any form, so port 853 for DoT wasn't blocked. I fixed that when I updated them yesterday. I've also specifically blocked TCP/443 for 8.8.8.8 and 8.8.4.4 to block DoH for Google public DNS. (This step hasn't made it to...
by dnl
June 9th, 2019, 4:54 am
Forum: IPFire in General
Topic: Update 132 breaks DNS blocking
Replies: 15
Views: 2123

Re: Update 132 breaks DNS blocking

This solution solved it for me: https://wiki.ipfire.org/configuration/firewall/dns 2. Create “permit” incoming firewall rules for IPFire's DNS server Source: Standard networks ( GREEN or BLUE ) Destination: Firewall ( GREEN or BLUE ) Protocol: “- Preset” Service Group: DNS Action: ACCEPT Thanks, but I...
by dnl
June 8th, 2019, 7:11 am
Forum: IPFire in General
Topic: Update 132 breaks DNS blocking
Replies: 15
Views: 2123

Re: Update 132 breaks DNS blocking

Well I hope it is as I've just updated the wiki page!

If I can get someone else to confirm the problem and that the fix is the best solution, I will remove the warning I previously put at the top of the wiki page.
by dnl
June 8th, 2019, 6:44 am
Forum: IPFire in General
Topic: yum update times out after upgrade to 131
Replies: 21
Views: 1518

Re: yum update times out after upgrade to 131

It's my opinion that emerging-policy.rules is probably one of the least useful rulesets. Is there a reason you're using it? I've had some ideas for how to write a procedure for tuning IPS rules. As no-one else has come up with anything yet, I'll have a try if I have time soon. EDIT: spent a few hou...
by dnl
June 8th, 2019, 6:32 am
Forum: IPFire in General
Topic: Update 132 breaks DNS blocking
Replies: 15
Views: 2123

Re: Update 132 breaks DNS blocking

If I follow the original wiki instructions but add additional "Incoming" firewall rules to allow access to DNS to the firewall's interfaces it appears to have the correct functionality. For example: Source: Standard networks "GREEN" Destination: Firewall "GREEN" Protocol: - Preset, Service Groups "D...
by dnl
June 8th, 2019, 2:08 am
Forum: IPFire in General
Topic: Update 132 breaks DNS blocking
Replies: 15
Views: 2123

Re: Update 132 breaks DNS blocking

Does anyone have an updated diagram for iptables? I remember seeing one which showed the various chains and how they interact. I confess I find them difficult to follow in a shell. It seems that Update 132 has changed how the rules are arranged. A rule which previously blocked SSH outbound (amongst ...
by dnl
June 8th, 2019, 2:06 am
Forum: IPFire in General
Topic: Suricata vs Guardian: Loss of IP blocking
Replies: 6
Views: 981

Re: Suricata vs Guardian: Loss of IP blocking

As Michael stated in bugzilla, the discussion should also take place in the development mailing list. The forum reaches the broad audience of all users, but sometimes isn't read by the core developers. The mailing list is read more frequently by those guys, who can/will implement these featur...
by dnl
June 8th, 2019, 2:03 am
Forum: IPFire in General
Topic: Update 132 breaks DNS blocking
Replies: 15
Views: 2123

Update 132 breaks DNS blocking

The wiki has instructions for forcing all clients to use IPFire for DNS, rather than resolving directly to the internet. This is a good security practice. Since upgrading to core update 132 I have found that the firewall rules to block external DNS traffic are now preventing clients from resolving ...