From: Peter Müller
To: development@lists.ipfire.org
Subject: Re: Core116 - Guardian Priority Not Working
Date: Sat, 11 Nov 2017 19:12:33 +0100
Message-ID: <20171111191233.5399f78e.peter.mueller@link38.eu>

Hello,

could you please file this issue into a bug at: https://bugzilla.ipfire.org/

Thank you. :-)

Best regards,
Peter Müller

> Hi
>
> I have Guardian set to only block Snort Priority Level 1 alerts but it's blocking Level 2 as well.
>
> Alert:
>
> [**] [1:2402000:4623] ET DROP Dshield Block Listed Source group 1 [**]
> [Classification: Misc Attack] [Priority: 2]
> 11/11-12:18:49.554499 77.72.82.7:53790 -> myip:4569
> TCP TTL:246 TOS:0x28 ID:53722 IpLen:20 DgmLen:40
> ******S* Seq: 0xFBE35F5A Ack: 0x0 Win: 0x400 TcpLen: 20
> [Xref => http://feeds.dshield.org/block.txt]
>
> syslog:
>
> Nov 11 12:18:49 ipfire guardian[3955]: Blocking 77.72.82.7 for 86400 seconds...
>
> /var/ipfire/guardian/guardian.conf:
>
> # Autogenerated configuration file.
> # All user modifications will be overwritten.
>
> # Log settings.
> LogFacility = syslog
> LogLevel = info
>
> # IPFire related settings.
> FirewallEngine = IPtables
> SocketOwner = nobody:nobody
> IgnoreFile = /var/ipfire/guardian/guardian.ignore
>
> # Configured block settings.
> BlockCount = 1
> BlockTime = 86400
> FirewallAction = DROP
>
> # Enabled modules.
> Monitor_SSH = /var/log/messages
> Monitor_SNORT = /var/log/snort/alert
> Monitor_HTTPD = /var/log/httpd/error_log
>
> # Module settings.
> SnortPriorityLevel = 1
>
> Does anyone know of a fix?
>
> Thanks,
>
> Douglas Duckworth, MSc, LFCS
> HPC System Administrator
> Scientific Computing Unit
> Physiology and Biophysics
> Weill Cornell Medicine
> E: doug(a)med.cornell.edu
> O: 212-746-6305
> F: 212-746-8690