Possible bug in Guardian Web Interface

Questions to IPFire Addons.
Post Reply
amwood
Posts: 1
Joined: November 10th, 2014, 10:01 am

Possible bug in Guardian Web Interface

Post by amwood » November 20th, 2017, 5:20 pm

The IP address of a site I needed to access had been blocked by the Guardian add on. So in the web interface, I added the IP to the ignore list and tried to remove it from the list of blocked hosts.

The ipfire refused to remove it from the list of blocked hosts. Logging in with ssh and checking /var/log/messages, I found this:
Nov 20 17:13:51 ipfire guardian[4152]: <info> Ignoring event for <IP-ADDRESS>, because it is part of the ignore list.
So I had to disable the IP in the ignore list, remove it from the blocked list, then re-enable it in the ignore list.

Is this deliberate behaviour or a bug? I had assumed that the ignore list was meant to apply to IDS events, not to user requests!

User avatar
FischerM
Community Developer
Community Developer
Posts: 740
Joined: November 2nd, 2011, 12:28 pm

Re: Possible bug in Guardian Web Interface

Post by FischerM » November 21st, 2017, 8:44 am

Hi,

IMHO: could be normal behaviour. You're not allowed to 'ignore' an already blocked client address and vice versa.

I tested the opposite: I tried to add an already existing 'ignored host' to the block list and got the same message:
"Ignoring event...because it is part of the ignore list".

Screen output or some errormessage would be fine, but isn't implemented yet.

If not sure, please open a bug report.

HTH,
Matthias

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests