Search found 375 matches

by dnl
December 28th, 2017, 4:48 am
Forum: IPFire in General
Topic: clamav doesn't block ssl malicious downloads?
Replies: 2
Views: 1023

Re: clamav doesn't block ssl malicious downloads?

In IPFire Clamav is an addon for the Squid proxy . It can only scan what is visible to the proxy, which is only (unencrypted) http traffic. This is becoming less effective as more of the internet defaults to https every year. (A Troy Hunt blog post recently mentioned most web traffic is now HTTPS, b...
by dnl
December 16th, 2017, 3:37 am
Forum: IPFire in General
Topic: Multiple NICs
Replies: 5
Views: 1395

Re: Multiple NICs

This is from the wiki. I haven't done it before, so I cannot say if it works. https://wiki.ipfire.org/optimization/using_extra_ports_as_a_network_switch Thanks Trymes! They may answer peksi's question. I was originally hoping to set up a second unique BLUE network separate to the existing one. I wa...
by dnl
December 15th, 2017, 8:59 am
Forum: IPFire in General
Topic: Multiple NICs
Replies: 5
Views: 1395

Re: Multiple NICs

I came to ask a similar question. The IPFire 'setup' program only allows for any combination of GREEN, BLUE and ORANGE but not multiple of each. While it wouldn't be hard to configure an unused interface in a root shell and name it GREEN1, it wouldn't inherit all the complex firewall rules IPFire us...
by dnl
October 17th, 2017, 9:04 am
Forum: Development
Topic: WPA KRACK attack
Replies: 4
Views: 1757

Re: WPA KRACK attack

For the record the Git link in your Planet IPFire post seems to be incorrect.

I think it should be what you used in Twitter: https://git.ipfire.org/?p=ipfire-2.x.gi ... 6d384a6bc9
by dnl
October 17th, 2017, 6:13 am
Forum: Development
Topic: WPA KRACK attack
Replies: 4
Views: 1757

Re: WPA KRACK attack

Thanks for being quick to react Michael. It's been 15 hours since your post, when do you expect the 32-bit packages please? I read that the original wpa_supplicant patch for this vulnerability availble by the 16th did not actually mitigate it. Hopefully that's now been resolved! Edit: See https://ww...
by dnl
October 2nd, 2017, 8:24 am
Forum: Development
Topic: Chrony NTP for IPFire?
Replies: 0
Views: 626

Chrony NTP for IPFire?

Are there any developers who could please try to compile and package Chrony for IPFire? I've been using other systems using Chrony on my network to provide time for a number of years. Chrony recently had a security audit and compared with ntpd and NTPSec: See: https://www.coreinfrastructure.org/news...
by dnl
July 16th, 2017, 3:52 am
Forum: Development
Topic: Update Accelerator - regex Question
Replies: 1
Views: 887

Re: Update Accelerator - regex Question

Although not what I was originally planning, I came up with an alternative by filtering for what I wanted (whitelist) rather than trying to exclude things. if ($source_url =~ m@^[h|f]t?tp://[^?]+(primary|comps|filelists|prestodelta|x86\_64|noarch)\.(xml\.gz|rpm|drpm)$@i) This caters for files ending...
by dnl
July 15th, 2017, 11:22 am
Forum: Development
Topic: Update Accelerator - regex Question
Replies: 1
Views: 887

Update Accelerator - regex Question

Hello, After using IPFire for years I've finally enabled the Update Accelerator. It's fantastic! As I only want to cache Fedora and CentOS packages with it, I've cut the Linux source down to this: if ($source_url =~ m@^[h|f]t?tp://[^?]+\.(xml\.gz|rpm|drpm)$@i) { $xlrator_url = &check_cache($source_u...
by dnl
July 14th, 2017, 11:36 am
Forum: IPFire in General
Topic: IDS rules
Replies: 3
Views: 1269

Re: IDS rules

Hi,
The white space beneath that horizontal line should show a long list of rules.
See the second image on the wiki page here: http://wiki.ipfire.org/en/configuration/services/ids

Do you happen to have any browser add-ons, like an AD or script blocker?
If so you'll need to trust your IPFire system.
by dnl
July 13th, 2017, 11:52 am
Forum: IPFire in General
Topic: Permanently block external ICMP only [SOLVED]
Replies: 6
Views: 2916

Re: Permanently block external ICMP only [SOLVED]

Updated the wiki page and added a section briefly explaining the -i interface option.
https://wiki.ipfire.org/en/optimization/ping/start
by dnl
July 6th, 2017, 11:40 am
Forum: IPFire in General
Topic: Permanently block external ICMP only [SOLVED]
Replies: 6
Views: 2916

Re: Permanently block external ICMP only

I'm now quite sure that it's impossible to set the specific firewall rules I'm after using only the web UI. The problem is that even if I add the rules to the rc.local they are disabled by some scheduled process every day or so. What process would IPFire have which would overwrite a custom firewall ...
by dnl
July 5th, 2017, 9:21 am
Forum: Addons
Topic: Powertop forgets setup
Replies: 3
Views: 1578

Re: Powertop forgets setup

Hello, Powertop is a monitoring tool. The "auto tune" feature has only been added in more recent versions. The best way to apply this is to add that exact command to the /etc/sysconfig/rc.local so that it runs each boot. echo '/usr/sbin/powertop --auto-tune' >> /etc/sysconfig/rc.local Check that /et...
by dnl
July 5th, 2017, 9:11 am
Forum: IPFire in General
Topic: Permanently block external ICMP only [SOLVED]
Replies: 6
Views: 2916

Re: Permanently block external ICMP only

Hi ctwigger,

Thank you for trying to help. My question was how those specific rules could be created using the GUI.
by dnl
July 4th, 2017, 12:01 pm
Forum: IPFire in General
Topic: No "backup" file generated
Replies: 3
Views: 1319

Re: No "backup" file generated

I'm able to generate backups* with "Exclude logfiles" in Core Update 111.

Does nothing happen when you click the "Backup" icon (a blue arrow on a hard disk)?


* The backups are 26 MiB in size and look OK. I've not tried a restore.