public inbox for development@lists.ipfire.org
From: Mentalic <mentalic@cox.net>
To: development@lists.ipfire.org
Subject: RE: IPFire meets Suricata - Call for tester
Date: Tue, 19 Feb 2019 17:22:31 -0600
Message-ID: <000001d4c8a9$fd70bfc0$f8523f40$@net>
In-Reply-To: <002401d4c8a0$2df74790$89e5d6b0$@net>

Exposed my test setup directly to my cable modem and noticed a couple of things.

-The Firewall log seems to only list items that match my firewall rules. Gone was the typical several a minute "drop_input" entry noise, there were zero drop_inputs in 15 min or so. Possible logging issue?

-Suricata placed entries into IPS log, but what is done with them? Don't see a block list like Guardian generated.

-Are there any incompatibility issues with using the backup function to restore to this version? I had made a backup from my core 127 system with the old intrusion detection/guardian not active just in case.

Regards
Wayne

-----Original Message-----
From: Development [mailto:development-bounces(a)lists.ipfire.org] On Behalf Of Mentalic
Sent: Tuesday, February 19, 2019 4:12 PM
To: 'Stefan Schantl'; development(a)lists.ipfire.org
Subject: RE: IPFire meets Suricata - Call for tester

Stefan

Yep, I had downloaded the nightly and suspected it was not current, and so posted the build number.

With the 5d7d8749 loaded I have not seen any of the previous issues nor any others thus far.

Regards
Wayne 

-----Original Message-----
From: Development [mailto:development-bounces(a)lists.ipfire.org] On Behalf Of Stefan Schantl
Sent: Tuesday, February 19, 2019 5:34 AM
To: development(a)lists.ipfire.org
Subject: Re: IPFire meets Suricata - Call for tester

Hello Wayne,

it seems you accidentally downloaded and tested the wrong image.

The latest one is 5d7d8749, whereas the one you downloaded is an older release.

Sadly the nightly build service and therefore the images are one day later than the upgrade tarballs....

You simply can update to this release by using the RC3 tarball or download the available "5d7d8749" ISO.

Best regards,

-Stefan
> Loaded the new iso, reports build 77c07352. Still having connection 
> issues with suricata as soon as it's activated where existing 
> connections would continue to work, no new connections were possible.
> Reboot results in no connection timeouts. Disable suricata, reboot, 
> connections work.
> 
> Any graphical data trend under Status tab reports errors and remains 
> blank. Typically on new installs the trends at least show the chart 
> even though data had not been collected.
> 
> Configured options:
> Geoip
> Proxy on green and blue
> URL filter
> suricata on red/blue Running a number of emerging threats rule sets.
> 
> Regards
> Wayne
> 
> 
> 
> -----Original Message-----
> From: Development [mailto:development-bounces(a)lists.ipfire.org] On 
> Behalf Of Stefan Schantl
> Sent: Monday, February 18, 2019 7:16 AM
> To: development(a)lists.ipfire.org
> Subject: Re: IPFire meets Suricata - Call for tester
> 
> Hello list,
> 
> I've uploaded the third release candidate, which hopefully would be 
> the last one.
> 
> It fixes the issue that no traffic could be passed through the 
> firewall when suricata was running on some machines and no graphs 
> could be displayed anymore. Thanks to Wayne for reporting and Michael 
> Tremer for testing and fixing.
> 
> The new tarball (i586 for 32bit-systems, and x86_64) can be found
> here:
> 
> https://people.ipfire.org/~stevee/suricata/
> 
> To start testing download the tarball and place it on your IPFire 
> system. Extract the tarball and launch the install (install.sh) 
> script.
> 
> If you already have installed a previous test version or image, with 
> the same steps as noted above you can update to the new version.
> 
> As always, if you prefer a fresh installation, the latest image can be 
> grabbed from here:
> 
> https://nightly.ipfire.org/next-suricata/latest/x86_64/
> 
> Direct link for downloading the ISO image:
> 
> https://nightly.ipfire.org/next-suricata/latest/x86_64/ipfire-2.21.x86_64-full-core128.iso
> 
> Thanks for downloading and testing. There are no known bugs so far, as 
> usual please file any bugs to our bugtracker (
> https://bugzilla.ipfire.org) and share your feedback on the list.
> 
> Best regards,
> 
> -Stefan
> 

