Search found 83 matches

by TimF
April 15th, 2018, 4:49 pm
Forum: IPFire in General
Topic: Snort Rules Update
Replies: 81
Views: 26953

Re: Snort Rules Update

I'm having a look at the problem of preserving changes in the list of enabled and disabled rules over an update. Obviously this is a non-trivial problem (or it would already be in IPFire), but I think I've got an approach that will work, and the initial code is looking promising. There's quite a bit...
by TimF
April 8th, 2018, 12:13 pm
Forum: IPFire in General
Topic: Snort Rules Update
Replies: 81
Views: 26953

Re: Snort Rules Update

It's a silly little error: it was checking for redo rather than red0.pid ; the box I have access to daily uses ppp0. I've updated the code in my original post. I've also changed it to 'restart' snort rather than 'start' so that it shuts down any existing instances, rather than just blindly starting ...
by TimF
April 7th, 2018, 2:42 pm
Forum: IPFire in General
Topic: Snort Rules Update
Replies: 81
Views: 26953

Re: Snort Rules Update

It could be that it's not recognising the names of your interfaces. This is the problem I originally had since the script looked for red0 while I had ppp0. You could have yet another option. Can you check the names of your interfaces: Look for /var/run/snort_*.pid and also the contents of /var/ipfir...
by TimF
April 5th, 2018, 5:29 pm
Forum: IPFire in General
Topic: Block Web Interface Within Green Network
Replies: 11
Views: 1313

Re: Block Web Interface Within Green Network

I think what you want is a variation on blocking access from the blue network to the web interface; see: https://wiki.ipfire.org/configuration/firewall/accesstoblue The information you want is towards the bottom of the page. Note you may wish to block access to port 222 (the command line) as well.
by TimF
April 5th, 2018, 1:16 am
Forum: IPFire in General
Topic: Snort Rules Update
Replies: 81
Views: 26953

Re: Snort Rules Update

It looks like there are a couple of errors in the snortupdate.pl script: The last few digits of the Snort update file name are the version of snort (currently 2.9.11.1); the MD5 at the beginning of the line is the nearest thing to a version number. The red interface can be red0 or ppp0 - if it's the...
by TimF
June 17th, 2017, 7:15 pm
Forum: IPFire in General
Topic: WUI not showing Guardian blocked hosts
Replies: 11
Views: 2268

WUI not showing Guardian blocked hosts

Hi,

Since upgrading to core update 111, the WUI no longer shows the any nodes in the list of blocked IP addresses for guardian.

If I look at the iptable for guardian it shows blocked addresses, and the guardian log also shows nodes being blocked and the blocks expiring.

Any ideas?
by TimF
June 17th, 2017, 7:12 pm
Forum: IPFire in General
Topic: rngd crashes
Replies: 0
Views: 409

rngd crashes

Hi, I'm having a problem with the random number daemon on my IPFire box crashing. This seems to happen some time after a restart. An example of the syslog messages is: 16:05:01 kernel: rngd[1997]: segfault at 805e000 ip 0804b1be sp b9c9d64c error 6 in rngd[8048000+ 5000] 16:05:01 kernel: grsec: Segm...
by TimF
June 10th, 2017, 7:31 pm
Forum: IPFire in General
Topic: Gateway Graph - How is this made?
Replies: 14
Views: 2569

Re: Gateway Graph - How is this made?

Could you do a trace route to ipfire.org and use the first address that responds, but not immediately? Not exactly trivial, but shouldn't be too hard either.

I'm not suggesting doing this every time , but maybe once a day.