forum.ipfire.org

I'm having a look at the problem of preserving changes in the list of enabled and disabled rules over an update. Obviously this is a non-trivial problem (or it would already be in IPFire), but I think I've got an approach that will work, and the initial code is looking promising. There's quite a bit...

It's a silly little error: it was checking for redo rather than red0.pid ; the box I have access to daily uses ppp0. I've updated the code in my original post. I've also changed it to 'restart' snort rather than 'start' so that it shuts down any existing instances, rather than just blindly starting ...

It could be that it's not recognising the names of your interfaces. This is the problem I originally had since the script looked for red0 while I had ppp0. You could have yet another option. Can you check the names of your interfaces: Look for /var/run/snort_*.pid and also the contents of /var/ipfir...

I think what you want is a variation on blocking access from the blue network to the web interface; see: https://wiki.ipfire.org/configuration/firewall/accesstoblue The information you want is towards the bottom of the page. Note you may wish to block access to port 222 (the command line) as well.

It looks like there are a couple of errors in the snortupdate.pl script: The last few digits of the Snort update file name are the version of snort (currently 2.9.11.1); the MD5 at the beginning of the line is the nearest thing to a version number. The red interface can be red0 or ppp0 - if it's the...

Hi,

Since upgrading to core update 111, the WUI no longer shows the any nodes in the list of blocked IP addresses for guardian.

If I look at the iptable for guardian it shows blocked addresses, and the guardian log also shows nodes being blocked and the blocks expiring.

Any ideas?

Hi, I'm having a problem with the random number daemon on my IPFire box crashing. This seems to happen some time after a restart. An example of the syslog messages is: 16:05:01 kernel: rngd[1997]: segfault at 805e000 ip 0804b1be sp b9c9d64c error 6 in rngd[8048000+ 5000] 16:05:01 kernel: grsec: Segm...

Could you do a trace route to ipfire.org and use the first address that responds, but not immediately? Not exactly trivial, but shouldn't be too hard either.

I'm not suggesting doing this every time , but maybe once a day.