Search found 83 matches
- April 15th, 2018, 4:49 pm
- Forum: IPFire in General
- Topic: Snort Rules Update
- Replies: 81
- Views: 38695
Re: Snort Rules Update
I'm having a look at the problem of preserving changes in the list of enabled and disabled rules over an update. Obviously this is a non-trivial problem (or it would already be in IPFire), but I think I've got an approach that will work, and the initial code is looking promising. There's quite a bit...
- April 8th, 2018, 12:13 pm
- Forum: IPFire in General
- Topic: Snort Rules Update
- Replies: 81
- Views: 38695
Re: Snort Rules Update
It's a silly little error: it was checking for redo rather than red0.pid ; the box I have access to daily uses ppp0. I've updated the code in my original post. I've also changed it to 'restart' snort rather than 'start' so that it shuts down any existing instances, rather than just blindly starting ...
- April 7th, 2018, 2:42 pm
- Forum: IPFire in General
- Topic: Snort Rules Update
- Replies: 81
- Views: 38695
Re: Snort Rules Update
It could be that it's not recognising the names of your interfaces. This is the problem I originally had since the script looked for red0 while I had ppp0. You could have yet another option. Can you check the names of your interfaces: Look for /var/run/snort_*.pid and also the contents of /var/ipfir...
- April 5th, 2018, 5:29 pm
- Forum: IPFire in General
- Topic: Block Web Interface Within Green Network
- Replies: 11
- Views: 2442
Re: Block Web Interface Within Green Network
I think what you want is a variation on blocking access from the blue network to the web interface; see: https://wiki.ipfire.org/configuration/firewall/accesstoblue The information you want is towards the bottom of the page. Note you may wish to block access to port 222 (the command line) as well.
- April 5th, 2018, 1:16 am
- Forum: IPFire in General
- Topic: Snort Rules Update
- Replies: 81
- Views: 38695
Re: Snort Rules Update
It looks like there are a couple of errors in the snortupdate.pl script: The last few digits of the Snort update file name are the version of snort (currently 2.9.11.1); the MD5 at the beginning of the line is the nearest thing to a version number. The red interface can be red0 or ppp0 - if it's the...
- June 17th, 2017, 7:15 pm
- Forum: IPFire in General
- Topic: WUI not showing Guardian blocked hosts
- Replies: 11
- Views: 3467
WUI not showing Guardian blocked hosts
Hi,
Since upgrading to core update 111, the WUI no longer shows the any nodes in the list of blocked IP addresses for guardian.
If I look at the iptable for guardian it shows blocked addresses, and the guardian log also shows nodes being blocked and the blocks expiring.
Any ideas?
Since upgrading to core update 111, the WUI no longer shows the any nodes in the list of blocked IP addresses for guardian.
If I look at the iptable for guardian it shows blocked addresses, and the guardian log also shows nodes being blocked and the blocks expiring.
Any ideas?
- June 17th, 2017, 7:12 pm
- Forum: IPFire in General
- Topic: rngd crashes
- Replies: 0
- Views: 633
rngd crashes
Hi, I'm having a problem with the random number daemon on my IPFire box crashing. This seems to happen some time after a restart. An example of the syslog messages is: 16:05:01 kernel: rngd[1997]: segfault at 805e000 ip 0804b1be sp b9c9d64c error 6 in rngd[8048000+ 5000] 16:05:01 kernel: grsec: Segm...
- June 10th, 2017, 7:31 pm
- Forum: IPFire in General
- Topic: Gateway Graph - How is this made?
- Replies: 14
- Views: 3861
Re: Gateway Graph - How is this made?
Could you do a trace route to ipfire.org and use the first address that responds, but not immediately? Not exactly trivial, but shouldn't be too hard either.
I'm not suggesting doing this every time , but maybe once a day.
I'm not suggesting doing this every time , but maybe once a day.