> On 17 Mar 2022, at 19:34, Charles Brown wrote:
>
> As with my comment below on Mar 11, the issue was no longer present in the c165 test builds. Surely this is not a current issue or you would have been hearing more noise about it.

That is the way to go :)

> Thanks for looking into it anyway,
> -Charles
>
> On 3/17/2022 10:52 AM, Michael Tremer wrote:
>> Hello Charles,
>>
>> Apologies for the late reply. I believe that this change should make your problem go away:
>>
>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=12cd38896795836c3f4e2c8a661b2c36d444d89a
>>
>> Could you please test again with one of the latest builds?
>>
>> Best,
>> -Michael
>>
>>> On 11 Mar 2022, at 23:40, Charles Brown wrote:
>>>
>>> True, it is not reproducible with latest c165 build.
>>> However, I punted back to "core165 Development Build: next/cad86575" to test my sanity, the glitch was quite reproducible.
>>> Logs are attached: /var/log/messages; the (a) iptables output at first boot; the (b) iptables output after changing hostile fw option to off and rebooting.
>>>
>>> On 3/11/2022 10:28 AM, Michael Tremer wrote:
>>>> Hello,
>>>>
>>>> I tried to reproduce this and I can’t.
>>>>
>>>> Could you please send the output of “iptables -L -nv” to help me debug this?
>>>>
>>>> -Michael
>>>>
>>>>> On 8 Mar 2022, at 20:13, Charles Brown wrote:
>>>>>
>>>>> Just tried again with next/2022-03-08 09:59:43 +0000-32ce7ab4/x86_64
>>>>> It seems simple to reproduce. See attached log.
>>>>> At initial boot after fresh install, cannot ping local private address gateway -- DROP_HOSTILE
>>>>> After editing settings in /var/ipfire/optionsfw/settings -- changing DROPHOSTILE to off -- and rebooting, things worked as expected.
>>>>> I then changed DROPHOSTILE setting to on and rebooted -- resulting again with DROP_HOSTILE when pinging my local gateway.
>>>>>
>>>>>
>>>>> On 3/8/2022 9:47 AM, Michael Tremer wrote:
>>>>>> Hello Charles,
>>>>>>
>>>>>>> On 7 Mar 2022, at 12:26, Charles Brown wrote:
>>>>>>>
>>>>>>> Did a fresh install of core165 Development Build: next/cad86575
>>>>>>>
>>>>>>> 1) Private Network is ‘Hostile’ – should it be?
>>>>>> No, it shouldn’t.
>>>>>>
>>>>>>> Initially, I had no access to red zone. All traffic was getting DROP_HOSTILE.
>>>>>>> My test setup has gateway through a 192.168 private network. Could not ping my 192.168 gateway without disabling the “drop hostile” feature. Somehow I thought that private network range would not be considered ‘hostile’.
>>>>>> Do you have some log files so I can look at what matched?
>>>>>>
>>>>>> What build are you running?
>>>>>>
>>>>>> -Michael
>>>>>>
>>>>>>> 2) Web page ids.cgi stops loading after header
>>>>>>> The page header down through "Intrusion Prevention System " is displayed and then stops -- nothing else on the page
>>>>>>> Log in httpd error shows as:
>>>>>>> "Unable to read file /var/ipfire/suricata/ignored at /var/ipfire/general-functions.pl line 883. "
>>>>>>> I went to the directory and created the 'ignored' file and chowned it to nobody:nobody.
>>>>>>> That allowed the page to complete loading
>>>>>>>
>>>>>>> -cab