Re: Testing Issues with core165 Development Build: next/cad86575

[Charles Brown <cab_77573@yahoo.com>]

[-- Attachment #1: Type: text/plain, Size: 3250 bytes --]

As with my comment below on Mar 11, the issue was no longer present in 
the c165 test builds. Surely this is not a current issue or you would 
have been hearing more noise about it
Thanks for looking into it anyway,
-Charles

On 3/17/2022 10:52 AM, Michael Tremer wrote:
> Hello Charles,
>
> Apologies for the late reply. I believe that this change should make your problem go away:
>
>    https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=12cd38896795836c3f4e2c8a661b2c36d444d89a
>
> Could you please test again with one of the latest builds?
>
> Best,
> -Michael
>
>> On 11 Mar 2022, at 23:40, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>
>> True, it is not reproducible with latest c165 build.
>> However, I punted back to "core165 Development Build: next/cad86575" to test my sanity, the  glitch was quite reproducible.
>> Logs are attached:  /var/log/messages; the (a) iptables output at first boot; the (b) iptables output after changing hostile fw option to off and rebooting
>> .
>>
>> On 3/11/2022 10:28 AM, Michael Tremer wrote:
>>> Hello,
>>>
>>> I tried to reproduce this and I can’t.
>>>
>>> Could you please send the output of “iptables -L -nv” to help me debug this?
>>>
>>> -Michael
>>>
>>>> On 8 Mar 2022, at 20:13, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>>>
>>>> Just tried again with next/2022-03-08 09:59:43 +0000-32ce7ab4/x86_64
>>>> It seems simple to reproduce.  See attached log.
>>>> At initial boot after fresh install, cannot ping local private address gateway -- DROP_HOSTILE
>>>> After editing settings in /var/ipfiire/optionsfw/settings -- changing DROPHOSTILE to off -- and rebooting, things worked as expected.
>>>> I then changed DROPHOSTILE setting to on and rebooted -- resulting again with DROP_HOSTILE when pinging my local gateway.
>>>>
>>>>
>>>> On 3/8/2022 9:47 AM, Michael Tremer wrote:
>>>>> Hello Charles,
>>>>>
>>>>>> On 7 Mar 2022, at 12:26, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>>>>>
>>>>>> Did a fresh install of core165 Development Build: next/cad86575
>>>>>>
>>>>>> 1) Private Network is ‘Hostile’ – should it be?
>>>>> No, it shouldn’t.
>>>>>
>>>>>> Initially, I had no access to red zone.  All traffic was getting DROP_HOSTILE.
>>>>>> My test setup has gateway through a 192.168 private network. Could not ping my 192.168 gateway without disabling the “drop hostile” feature. Somehow I thought that private network range would not be considered ‘hostile’.
>>>>> Do you have some log files so I can look at what matched?
>>>>>
>>>>> What build are you running?
>>>>>
>>>>> -Michael
>>>>>
>>>>>> 2) Web page ids.cgi stops loading after header
>>>>>> The page header down through "Intrusion Prevention System <?>" is displayed and then stops -- nothing else on the page
>>>>>> Log in httpd error shows as:
>>>>>>    "Unable to read file /var/ipfire/suricata/ignored at /var/ipfire/general-functions.pl line 883. "
>>>>>> I went to the directory and created the 'ignored' file and chowned it to nobody:nobody.
>>>>>> That allowed the page to complete loading
>>>>>>
>>>>>> -cab
>>>>>>
>>>> <hostile_private_net.log>
>> <var_log_messages.txt><iptables_L_nv_a.txt><iptables_L_nv_b.txt>