* Testing Issues with core165 Development Build: next/cad86575
[not found] <06172f89-90ad-7851-ad93-25cd8d390c38.ref@yahoo.com>
@ 2022-03-07 12:26 ` Charles Brown
2022-03-08 15:47 ` Michael Tremer
0 siblings, 1 reply; 9+ messages in thread
From: Charles Brown @ 2022-03-07 12:26 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 871 bytes --]
Did a fresh install of core165 Development Build: next/cad86575
1) Private Network is ‘Hostile’ – should it be?
Initially, I had no access to red zone. All traffic was getting
DROP_HOSTILE.
My test setup has gateway through a 192.168 private network. Could not
ping my 192.168 gateway without disabling the “drop hostile” feature.
Somehow I thought that private network range would not be considered
‘hostile’.
2) Web page ids.cgi stops loading after header
The page header down through "Intrusion Prevention System <?>" is
displayed and then stops -- nothing else on the page
Log in httpd error shows as:
"Unable to read file /var/ipfire/suricata/ignored at
/var/ipfire/general-functions.pl line 883. "
I went to the directory and created the 'ignored' file and chowned it to
nobody:nobody.
That allowed the page to complete loading
-cab
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Testing Issues with core165 Development Build: next/cad86575
2022-03-07 12:26 ` Testing Issues with core165 Development Build: next/cad86575 Charles Brown
@ 2022-03-08 15:47 ` Michael Tremer
2022-03-08 20:13 ` Charles Brown
0 siblings, 1 reply; 9+ messages in thread
From: Michael Tremer @ 2022-03-08 15:47 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1137 bytes --]
Hello Charles,
> On 7 Mar 2022, at 12:26, Charles Brown <cab_77573(a)yahoo.com> wrote:
>
> Did a fresh install of core165 Development Build: next/cad86575
>
> 1) Private Network is ‘Hostile’ – should it be?
No, it shouldn’t.
> Initially, I had no access to red zone. All traffic was getting DROP_HOSTILE.
> My test setup has gateway through a 192.168 private network. Could not ping my 192.168 gateway without disabling the “drop hostile” feature. Somehow I thought that private network range would not be considered ‘hostile’.
Do you have some log files so I can look at what matched?
What build are you running?
-Michael
>
> 2) Web page ids.cgi stops loading after header
> The page header down through "Intrusion Prevention System <?>" is displayed and then stops -- nothing else on the page
> Log in httpd error shows as:
> "Unable to read file /var/ipfire/suricata/ignored at /var/ipfire/general-functions.pl line 883. "
> I went to the directory and created the 'ignored' file and chowned it to nobody:nobody.
> That allowed the page to complete loading
>
> -cab
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Testing Issues with core165 Development Build: next/cad86575
2022-03-08 15:47 ` Michael Tremer
@ 2022-03-08 20:13 ` Charles Brown
2022-03-11 16:28 ` Michael Tremer
0 siblings, 1 reply; 9+ messages in thread
From: Charles Brown @ 2022-03-08 20:13 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1688 bytes --]
Just tried again with next/2022-03-08 09:59:43 +0000-32ce7ab4/x86_64
It seems simple to reproduce. See attached log.
At initial boot after fresh install, cannot ping local private address
gateway -- DROP_HOSTILE
After editing settings in /var/ipfiire/optionsfw/settings -- changing
DROPHOSTILE to off -- and rebooting, things worked as expected.
I then changed DROPHOSTILE setting to on and rebooted -- resulting again
with DROP_HOSTILE when pinging my local gateway.
On 3/8/2022 9:47 AM, Michael Tremer wrote:
> Hello Charles,
>
>> On 7 Mar 2022, at 12:26, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>
>> Did a fresh install of core165 Development Build: next/cad86575
>>
>> 1) Private Network is ‘Hostile’ – should it be?
> No, it shouldn’t.
>
>> Initially, I had no access to red zone. All traffic was getting DROP_HOSTILE.
>> My test setup has gateway through a 192.168 private network. Could not ping my 192.168 gateway without disabling the “drop hostile” feature. Somehow I thought that private network range would not be considered ‘hostile’.
> Do you have some log files so I can look at what matched?
>
> What build are you running?
>
> -Michael
>
>> 2) Web page ids.cgi stops loading after header
>> The page header down through "Intrusion Prevention System <?>" is displayed and then stops -- nothing else on the page
>> Log in httpd error shows as:
>> "Unable to read file /var/ipfire/suricata/ignored at /var/ipfire/general-functions.pl line 883. "
>> I went to the directory and created the 'ignored' file and chowned it to nobody:nobody.
>> That allowed the page to complete loading
>>
>> -cab
>>
>>
[-- Attachment #2: hostile_private_net.log --]
[-- Type: text/plain, Size: 60081 bytes --]
Mar 8 19:51:01 (none) syslogd 1.5.1: restart (remote reception).
Mar 8 13:52:19 (none) kernel: r8169 0000:01:00.0 green0: renamed from eth0
Mar 8 13:52:19 (none) kernel: ax88179_178a 2-2:1.0 red0: renamed from eth2
Mar 8 13:52:19 (none) kernel: r8169 0000:02:00.0 blue0: renamed from eth1
Mar 8 13:52:38 (none) kernel: Kernel logging (proc) stopped.
Mar 8 13:52:38 (none) kernel: Kernel log daemon terminating.
Mar 8 13:52:39 (none) exiting on signal 15
Mar 8 13:52:43 ipfire syslogd 1.5.1: restart (remote reception).
Mar 8 13:52:43 ipfire unbound: [1655:0] notice: init module 0: validator
Mar 8 13:52:43 ipfire unbound: [1655:0] notice: init module 1: iterator
Mar 8 13:52:43 ipfire acpid: starting up with netlink and the input layer
Mar 8 13:52:43 ipfire acpid: 1 rule loaded
Mar 8 13:52:43 ipfire acpid: waiting for events: event logging is off
Mar 8 13:52:43 ipfire unbound: [1655:0] info: start of service (unbound 1.14.0).
Mar 8 13:52:43 ipfire unbound: [1655:0] error: SERVFAIL <. DNSKEY IN>: exceeded the maximum nameserver nxdomains
Mar 8 13:52:45 ipfire kernel: RTL8211E Gigabit Ethernet r8169-0-100:00: attached PHY driver (mii_bus:phy_addr=r8169-0-100:00, irq=MAC)
Mar 8 13:52:45 ipfire kernel: r8169 0000:01:00.0 green0: Link is Down
Mar 8 13:52:46 ipfire kernel: RTL8211E Gigabit Ethernet r8169-0-200:00: attached PHY driver (mii_bus:phy_addr=r8169-0-200:00, irq=MAC)
Mar 8 13:52:46 ipfire kernel: r8169 0000:02:00.0 blue0: Link is Down
Mar 8 13:52:46 ipfire dhcpcd[1816]: dhcpcd-9.4.1 starting
Mar 8 13:52:46 ipfire dhcpcd[1819]: DUID 00:04:03:00:02:00:04:00:05:00:00:06:00:07:00:08:00:09
Mar 8 13:52:46 ipfire kernel: 8021q: 802.1Q VLAN Support v1.8
Mar 8 13:52:46 ipfire dhcpcd[1819]: red0: waiting for carrier
Mar 8 13:52:49 ipfire kernel: ax88179_178a 2-2:1.0 red0: ax88179 - Link status is: 1
Mar 8 13:52:49 ipfire dhcpcd[1819]: red0: carrier acquired
Mar 8 13:52:49 ipfire dhcpcd[1819]: red0: IAID 4c:d6:0f:8b
Mar 8 13:52:49 ipfire dhcpcd[1819]: red0: adding address fe80::8eae:4cff:fed6:f8b
Mar 8 13:52:49 ipfire dhcpcd[1819]: ipv6_addaddr1: Permission denied
Mar 8 13:52:50 ipfire dhcpcd[1819]: red0: soliciting an IPv6 router
Mar 8 13:52:50 ipfire dhcpcd[1819]: red0: soliciting a DHCP lease
Mar 8 13:52:51 ipfire dhcpcd[1819]: red0: offered 192.168.1.129 from 192.168.1.1
Mar 8 13:52:51 ipfire dhcpcd[1819]: red0: probing address 192.168.1.129/24
Mar 8 13:52:56 ipfire dhcpcd[1819]: red0: leased 192.168.1.129 for 86400 seconds
Mar 8 13:52:56 ipfire dhcpcd[1819]: red0: adding route to 192.168.1.0/24
Mar 8 13:52:56 ipfire dhcpcd[1819]: red0: adding default route via 192.168.1.1
Mar 8 13:52:56 ipfire dhcpcd.exe[1850]: red0 has been (re)configured with IP=192.168.1.129
Mar 8 13:52:58 ipfire unbound: [1655:0] info: service stopped (unbound 1.14.0).
Mar 8 13:52:58 ipfire unbound: [1655:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 8 13:52:58 ipfire unbound: [1655:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 8 13:52:58 ipfire unbound: [1655:0] notice: Restart of unbound 1.14.0.
Mar 8 13:52:58 ipfire unbound: [1655:0] notice: init module 0: validator
Mar 8 13:52:58 ipfire unbound: [1655:0] notice: init module 1: iterator
Mar 8 13:52:58 ipfire unbound: [1655:0] info: start of service (unbound 1.14.0).
Mar 8 13:52:58 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=6185 PROTO=UDP SPT=13468 DPT=53 LEN=52
Mar 8 13:52:58 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=3049 PROTO=UDP SPT=61142 DPT=53 LEN=52
Mar 8 13:52:58 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=10038 PROTO=UDP SPT=14194 DPT=53 LEN=52
Mar 8 13:52:58 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=31584 PROTO=UDP SPT=34140 DPT=53 LEN=52
Mar 8 13:52:58 ipfire unbound: [1655:0] error: SERVFAIL <ping.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:52:58 ipfire unbound: [1655:0] error: SERVFAIL <. DNSKEY IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:52:58 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=37459 PROTO=UDP SPT=45140 DPT=53 LEN=52
Mar 8 13:52:58 ipfire unbound: [1655:0] error: SERVFAIL <0.ipfire.pool.ntp.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:52:58 ipfire unbound: [1655:0] error: SERVFAIL <1.ipfire.pool.ntp.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:52:58 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=81.3.27.46 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=50155 DF PROTO=UDP SPT=34886 DPT=123 LEN=56
Mar 8 13:52:58 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=26097 PROTO=UDP SPT=62205 DPT=53 LEN=60
Mar 8 13:52:58 ipfire unbound: [1655:0] error: SERVFAIL <46.27.3.81.in-addr.arpa. PTR IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:52:58 ipfire ntpdate[2052]: sendto(81.3.27.46): Operation not permitted
Mar 8 13:53:00 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=81.3.27.46 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=50372 DF PROTO=UDP SPT=34886 DPT=123 LEN=56
Mar 8 13:53:00 ipfire ntpdate[2052]: sendto(81.3.27.46): Operation not permitted
Mar 8 13:53:02 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=81.3.27.46 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=50728 DF PROTO=UDP SPT=34886 DPT=123 LEN=56
Mar 8 13:53:02 ipfire ntpdate[2052]: sendto(81.3.27.46): Operation not permitted
Mar 8 13:53:04 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=81.3.27.46 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=52714 DF PROTO=UDP SPT=34886 DPT=123 LEN=56
Mar 8 13:53:04 ipfire unbound: [1655:0] error: SERVFAIL <46.27.3.81.in-addr.arpa. PTR IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:04 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=38871 PROTO=UDP SPT=62117 DPT=53 LEN=60
Mar 8 13:53:04 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=50431 PROTO=UDP SPT=58095 DPT=53 LEN=60
Mar 8 13:53:04 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=6920 PROTO=UDP SPT=14091 DPT=53 LEN=60
Mar 8 13:53:04 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=34938 PROTO=UDP SPT=39068 DPT=53 LEN=60
Mar 8 13:53:04 ipfire ntpdate[2052]: sendto(81.3.27.46): Operation not permitted
Mar 8 13:53:06 ipfire ntpdate[2052]: no server suitable for synchronization found
Mar 8 13:53:06 ipfire ipfire: ntpdate error
Mar 8 13:53:14 ipfire unbound: [1655:0] error: SERVFAIL <fireinfo.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:14 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=29540 PROTO=UDP SPT=29051 DPT=53 LEN=56
Mar 8 13:53:14 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=8053 PROTO=UDP SPT=5196 DPT=53 LEN=56
Mar 8 13:53:14 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=16519 PROTO=UDP SPT=62627 DPT=53 LEN=56
Mar 8 13:53:14 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=41869 PROTO=UDP SPT=27116 DPT=53 LEN=56
Mar 8 13:53:14 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=25053 PROTO=UDP SPT=10907 DPT=53 LEN=56
Mar 8 13:53:14 ipfire unbound: [1655:0] error: SERVFAIL <fireinfo.ipfire.org. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:14 ipfire unbound: [1655:0] error: SERVFAIL <fireinfo.ipfire.org.localdomain. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:14 ipfire unbound: [1655:0] error: SERVFAIL <fireinfo.ipfire.org.localdomain. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:14 ipfire Profile was not sent propertly: [Errno -2] Name or service not known
Mar 8 13:53:15 ipfire saslauthd[2426]: detach_tty : master pid is: 2426
Mar 8 13:53:15 ipfire saslauthd[2426]: ipc_init : listening on socket: /var/run/saslauthd/mux
Mar 8 13:53:15 ipfire unbound: [1655:0] error: SERVFAIL <0.ipfire.pool.ntp.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:15 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=59111 PROTO=UDP SPT=13521 DPT=53 LEN=58
Mar 8 13:53:15 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=17479 PROTO=UDP SPT=57750 DPT=53 LEN=58
Mar 8 13:53:15 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=39661 PROTO=UDP SPT=57796 DPT=53 LEN=58
Mar 8 13:53:15 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=13681 PROTO=UDP SPT=22405 DPT=53 LEN=58
Mar 8 13:53:15 ipfire unbound: [1655:0] error: SERVFAIL <0.ipfire.pool.ntp.org. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:15 ipfire unbound: [1655:0] error: SERVFAIL <0.ipfire.pool.ntp.org.localdomain. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:15 ipfire unbound: [1655:0] error: SERVFAIL <0.ipfire.pool.ntp.org.localdomain. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:15 ipfire ntpdate[2459]: Can't find host 0.ipfire.pool.ntp.org: Name or service not known (-2)
Mar 8 13:53:15 ipfire unbound: [1655:0] error: SERVFAIL <1.ipfire.pool.ntp.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:15 ipfire unbound: [1655:0] error: SERVFAIL <1.ipfire.pool.ntp.org. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:15 ipfire unbound: [1655:0] error: SERVFAIL <1.ipfire.pool.ntp.org.localdomain. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:15 ipfire unbound: [1655:0] error: SERVFAIL <1.ipfire.pool.ntp.org.localdomain. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:15 ipfire ntpdate[2459]: Can't find host 1.ipfire.pool.ntp.org: Name or service not known (-2)
Mar 8 13:53:15 ipfire ntpdate[2459]: no servers can be used, exiting
Mar 8 13:53:15 ipfire ipfire: ntpdate error
Mar 8 13:53:15 ipfire ntpd[2466]: ntpd 4.2.8p15@1.3728-o Tue Mar 8 17:01:45 UTC 2022 (1): Starting
Mar 8 13:53:15 ipfire ntpd[2466]: Command line: /usr/bin/ntpd -Ap /var/run/ntpd.pid
Mar 8 13:53:15 ipfire ntpd[2466]: ----------------------------------------------------
Mar 8 13:53:15 ipfire ntpd[2466]: ntp-4 is maintained by Network Time Foundation,
Mar 8 13:53:15 ipfire ntpd[2466]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
Mar 8 13:53:15 ipfire ntpd[2466]: corporation. Support and training for ntp-4 are
Mar 8 13:53:15 ipfire ntpd[2466]: available at https://www.nwtime.org/support
Mar 8 13:53:15 ipfire ntpd[2466]: ----------------------------------------------------
Mar 8 13:53:15 ipfire ntpd[2468]: proto: precision = 0.187 usec (-22)
Mar 8 13:53:15 ipfire ntpd[2468]: basedate set to 2022-02-24
Mar 8 13:53:15 ipfire ntpd[2468]: gps base set to 2022-02-27 (week 2199)
Mar 8 13:53:15 ipfire ntpd[2468]: Listen and drop on 0 v6wildcard [::]:123
Mar 8 13:53:15 ipfire ntpd[2468]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Mar 8 13:53:15 ipfire ntpd[2468]: Listen normally on 2 lo 127.0.0.1:123
Mar 8 13:53:15 ipfire ntpd[2468]: Listen normally on 3 red0 192.168.1.129:123
Mar 8 13:53:15 ipfire ntpd[2468]: Listening on routing socket on fd #20 for interface updates
Mar 8 13:53:15 ipfire ntpd[2468]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Mar 8 13:53:15 ipfire ntpd[2468]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Mar 8 13:53:15 ipfire kernel: i2c_dev: i2c /dev entries driver
Mar 8 13:53:15 ipfire kernel: it87: Found IT8772E chip at 0xa40, revision 1
Mar 8 13:53:15 ipfire kernel: it87: Beeping is supported
Mar 8 13:53:15 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.27.2-x86_64 started!
Mar 8 13:53:15 ipfire kernel: i2c_dev: i2c /dev entries driver
Mar 8 13:53:15 ipfire pakfire: DOWNLOAD STARTED: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:53:15 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:53:15 ipfire unbound: [1655:0] error: SERVFAIL <pakfire.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:15 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=43124 PROTO=UDP SPT=59592 DPT=53 LEN=55
Mar 8 13:53:15 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=57689 PROTO=UDP SPT=19626 DPT=53 LEN=55
Mar 8 13:53:15 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=14709 PROTO=UDP SPT=15105 DPT=53 LEN=55
Mar 8 13:53:15 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=58915 PROTO=UDP SPT=44823 DPT=53 LEN=55
Mar 8 13:53:15 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=35266 PROTO=UDP SPT=50773 DPT=53 LEN=55
Mar 8 13:53:15 ipfire unbound: [1655:0] error: SERVFAIL <pakfire.ipfire.org.localdomain. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:53:15 ipfire pakfire: DOWNLOAD INFO: 2.27.2-x86_64/lists/server-list.db has size of bytes
Mar 8 13:53:15 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
Mar 8 13:53:15 ipfire pakfire: Giving up: There was no chance to get the file 2.27.2-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.
Mar 8 13:53:15 ipfire pakfire: DOWNLOAD STARTED: lists/packages_list.db
Mar 8 13:53:15 ipfire pakfire: DOWNLOAD STARTED: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:53:15 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: 2.27.2-x86_64/lists/server-list.db has size of bytes
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
Mar 8 13:53:16 ipfire pakfire: Giving up: There was no chance to get the file 2.27.2-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD STARTED: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: 2.27.2-x86_64/lists/server-list.db has size of bytes
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
Mar 8 13:53:16 ipfire pakfire: Giving up: There was no chance to get the file 2.27.2-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD STARTED: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: 2.27.2-x86_64/lists/server-list.db has size of bytes
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
Mar 8 13:53:16 ipfire pakfire: Giving up: There was no chance to get the file 2.27.2-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD STARTED: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: 2.27.2-x86_64/lists/server-list.db has size of bytes
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
Mar 8 13:53:16 ipfire pakfire: Giving up: There was no chance to get the file 2.27.2-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD STARTED: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: 2.27.2-x86_64/lists/server-list.db has size of bytes
Mar 8 13:53:16 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
Mar 8 13:53:16 ipfire pakfire: Giving up: There was no chance to get the file 2.27.2-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.
Mar 8 13:53:16 ipfire pakfire: MIRROR ERROR: Could not find or download a server list
Mar 8 13:53:17 ipfire collectd[2609]: cpufreq plugin: Found 4 CPUs
Mar 8 13:53:17 ipfire collectd[2609]: Initialization complete, entering read-loop.
Mar 8 13:53:17 ipfire collectd[2609]: ping plugin: ping_send failed: Operation not permitted
Mar 8 13:53:17 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=14903 DF PROTO=ICMP TYPE=8 CODE=0 ID=51979 SEQ=0
Mar 8 13:53:17 ipfire dhcpd: Wrote 0 leases to leases file.
Mar 8 13:53:17 ipfire dhcpd: Server starting service.
Mar 8 13:53:27 ipfire login[2759]: ROOT LOGIN on '/dev/console'
Mar 8 13:53:34 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=21743 DF PROTO=ICMP TYPE=8 CODE=0 ID=33355 SEQ=1
Mar 8 13:53:35 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=22342 DF PROTO=ICMP TYPE=8 CODE=0 ID=33355 SEQ=2
Mar 8 13:53:36 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=22657 DF PROTO=ICMP TYPE=8 CODE=0 ID=33355 SEQ=3
Mar 8 13:53:37 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=23630 DF PROTO=ICMP TYPE=8 CODE=0 ID=33355 SEQ=4
Mar 8 13:53:38 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=23947 DF PROTO=ICMP TYPE=8 CODE=0 ID=33355 SEQ=5
Mar 8 13:53:39 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=24694 DF PROTO=ICMP TYPE=8 CODE=0 ID=33355 SEQ=6
Mar 8 13:53:47 ipfire collectd[2609]: ping plugin: ping_send failed: Operation not permitted
Mar 8 13:53:47 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=27993 DF PROTO=ICMP TYPE=8 CODE=0 ID=51979 SEQ=0
Mar 8 13:54:17 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=37908 DF PROTO=ICMP TYPE=8 CODE=0 ID=51979 SEQ=0
Mar 8 13:54:22 ipfire kernel: usb 1-5.3: new high-speed USB device number 6 using xhci_hcd
Mar 8 13:54:22 ipfire kernel: usb 1-5.3: New USB device found, idVendor=067b, idProduct=2515, bcdDevice= 1.00
Mar 8 13:54:22 ipfire kernel: usb 1-5.3: New USB device strings: Mfr=1, Product=3, SerialNumber=0
Mar 8 13:54:22 ipfire kernel: usb 1-5.3: Product: USB Embedded Hub
Mar 8 13:54:22 ipfire kernel: usb 1-5.3: Manufacturer: Prolific Technology Inc.
Mar 8 13:54:22 ipfire kernel: hub 1-5.3:1.0: USB hub found
Mar 8 13:54:22 ipfire kernel: hub 1-5.3:1.0: 1 port detected
Mar 8 13:54:22 ipfire kernel: usb 1-5.3.1: new high-speed USB device number 7 using xhci_hcd
Mar 8 13:54:22 ipfire kernel: usb 1-5.3.1: New USB device found, idVendor=067b, idProduct=2517, bcdDevice= 1.00
Mar 8 13:54:22 ipfire kernel: usb 1-5.3.1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
Mar 8 13:54:22 ipfire kernel: usb 1-5.3.1: Product: USB Mass Storage Device
Mar 8 13:54:22 ipfire kernel: usb 1-5.3.1: Manufacturer: Prolific Technology Inc.
Mar 8 13:54:22 ipfire kernel: usb-storage 1-5.3.1:1.0: USB Mass Storage device detected
Mar 8 13:54:22 ipfire kernel: scsi host2: usb-storage 1-5.3.1:1.0
Mar 8 13:54:23 ipfire kernel: scsi 2:0:0:0: Direct-Access IOCELL CELLDISK2.0 1.00 PQ: 0 ANSI: 0 CCS
Mar 8 13:54:23 ipfire kernel: sd 2:0:0:0: Attached scsi generic sg1 type 0
Mar 8 13:54:23 ipfire kernel: sd 2:0:0:0: [sdb] 2031616 512-byte logical blocks: (1.04 GB/992 MiB)
Mar 8 13:54:23 ipfire kernel: sd 2:0:0:0: [sdb] Write Protect is off
Mar 8 13:54:23 ipfire kernel: sd 2:0:0:0: [sdb] No Caching mode page found
Mar 8 13:54:23 ipfire kernel: sd 2:0:0:0: [sdb] Assuming drive cache: write through
Mar 8 13:54:23 ipfire kernel: sdb: sdb1
Mar 8 13:54:23 ipfire kernel: sd 2:0:0:0: [sdb] Attached SCSI removable disk
Mar 8 13:54:47 ipfire collectd[2609]: ping plugin: ping_send failed: Operation not permitted
Mar 8 13:54:47 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=49101 DF PROTO=ICMP TYPE=8 CODE=0 ID=51979 SEQ=0
Mar 8 13:55:00 ipfire unbound: [1655:0] error: SERVFAIL <0.ipfire.pool.ntp.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:55:00 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=15408 PROTO=UDP SPT=43260 DPT=53 LEN=58
Mar 8 13:55:00 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=22657 PROTO=UDP SPT=57469 DPT=53 LEN=58
Mar 8 13:55:00 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=15489 PROTO=UDP SPT=58666 DPT=53 LEN=58
Mar 8 13:55:00 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=5137 PROTO=UDP SPT=14835 DPT=53 LEN=58
Mar 8 13:55:00 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=45344 PROTO=UDP SPT=38110 DPT=53 LEN=58
Mar 8 13:55:00 ipfire unbound: [1655:0] error: SERVFAIL <0.ipfire.pool.ntp.org. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:55:00 ipfire unbound: [1655:0] error: SERVFAIL <0.ipfire.pool.ntp.org.localdomain. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:55:00 ipfire unbound: [1655:0] error: SERVFAIL <0.ipfire.pool.ntp.org.localdomain. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:55:00 ipfire ntpdate[2891]: Can't find host 0.ipfire.pool.ntp.org: Name or service not known (-2)
Mar 8 13:55:00 ipfire unbound: [1655:0] error: SERVFAIL <1.ipfire.pool.ntp.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:55:00 ipfire unbound: [1655:0] error: SERVFAIL <1.ipfire.pool.ntp.org. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:55:00 ipfire unbound: [1655:0] error: SERVFAIL <1.ipfire.pool.ntp.org.localdomain. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:55:00 ipfire unbound: [1655:0] error: SERVFAIL <1.ipfire.pool.ntp.org.localdomain. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 13:55:00 ipfire ntpdate[2891]: Can't find host 1.ipfire.pool.ntp.org: Name or service not known (-2)
Mar 8 13:55:00 ipfire ntpdate[2891]: no servers can be used, exiting
Mar 8 13:55:00 ipfire ipfire: ntpdate error
Mar 8 13:55:17 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=52164 DF PROTO=ICMP TYPE=8 CODE=0 ID=51979 SEQ=0
Mar 8 13:55:47 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=62766 DF PROTO=ICMP TYPE=8 CODE=0 ID=51979 SEQ=0
Mar 8 13:56:17 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=11109 DF PROTO=ICMP TYPE=8 CODE=0 ID=51979 SEQ=0
Mar 8 13:56:47 ipfire collectd[2609]: ping plugin: ping_send failed: Operation not permitted
Mar 8 13:56:47 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=17459 DF PROTO=ICMP TYPE=8 CODE=0 ID=51979 SEQ=0
Mar 8 13:57:05 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=20930 DF PROTO=ICMP TYPE=8 CODE=0 ID=24611 SEQ=1
Mar 8 13:57:06 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=21067 DF PROTO=ICMP TYPE=8 CODE=0 ID=24611 SEQ=2
Mar 8 13:57:07 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=22055 DF PROTO=ICMP TYPE=8 CODE=0 ID=24611 SEQ=3
Mar 8 13:57:10 ipfire shutdown[2983]: shutting down for system reboot
Mar 8 13:57:10 ipfire init: Switching to runlevel: 6
Mar 8 13:57:10 ipfire init: No inittab.d directory found
Mar 8 13:57:11 ipfire kernel: usb 1-5.3: USB disconnect, device number 6
Mar 8 13:57:11 ipfire kernel: usb 1-5.3.1: USB disconnect, device number 7
Mar 8 13:57:17 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=30203 DF PROTO=ICMP TYPE=8 CODE=0 ID=51979 SEQ=0
Mar 8 13:57:29 ipfire ntpd[2468]: ntpd exiting on signal 15 (Terminated)
Mar 8 13:57:29 ipfire ntpd[2468]: 127.127.1.0 local addr 127.0.0.1 -> <null>
Mar 8 13:57:32 ipfire saslauthd[2426]: server_exit : master exited: 2426
Mar 8 13:57:33 ipfire collectd[2609]: Exiting normally.
Mar 8 13:57:33 ipfire collectd[2609]: collectd: Stopping 1 read threads.
Mar 8 13:57:33 ipfire collectd[2609]: ping plugin: Shutting down thread.
Mar 8 13:57:33 ipfire collectd[2609]: rrdtool plugin: Shutting down the queue thread. This may take a while.
Mar 8 13:57:34 ipfire vnstatd[1602]: SIGTERM received, exiting.
Mar 8 13:57:36 ipfire dhcpcd[3271]: sending signal ALRM to pid 1818
Mar 8 13:57:36 ipfire dhcpcd[3271]: waiting for pid 1818 to exit
Mar 8 13:57:36 ipfire dhcpcd[1819]: received SIGALRM, releasing
Mar 8 13:57:36 ipfire dhcpcd[1819]: red0: removing interface
Mar 8 13:57:36 ipfire dhcpcd[1819]: red0: releasing lease of 192.168.1.129
Mar 8 13:57:36 ipfire dhcpcd[1819]: ps_root_recvmsg: Operation not permitted
Mar 8 13:57:36 ipfire dhcpcd[1819]: red0: deleting route to 192.168.1.0/24
Mar 8 13:57:36 ipfire dhcpcd[1819]: red0: deleting default route via 192.168.1.1
Mar 8 13:57:36 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=21247 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Mar 8 13:57:36 ipfire dhcpcd.exe[3272]: red0 has been brought down (STOP)
Mar 8 13:57:37 ipfire unbound: [1655:0] info: service stopped (unbound 1.14.0).
Mar 8 13:57:37 ipfire unbound: [1655:0] info: server stats for thread 0: 103 queries, 76 answers from cache, 27 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 8 13:57:37 ipfire unbound: [1655:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 8 13:57:37 ipfire unbound: [1655:0] info: average recursion processing time 0.000000 sec
Mar 8 13:57:37 ipfire unbound: [1655:0] info: histogram of recursion processing times
Mar 8 13:57:37 ipfire unbound: [1655:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
Mar 8 13:57:37 ipfire unbound: [1655:0] info: lower(secs) upper(secs) recursions
Mar 8 13:57:37 ipfire unbound: [1655:0] info: 0.000000 0.000001 27
Mar 8 13:57:38 ipfire acpid: exiting
Mar 8 13:57:39 ipfire kernel: Kernel logging (proc) stopped.
Mar 8 13:57:39 ipfire kernel: Kernel log daemon terminating.
Mar 8 13:57:40 ipfire exiting on signal 15
Mar 8 13:58:27 ipfire syslogd 1.5.1: restart (remote reception).
Mar 8 13:58:28 ipfire unbound: [1565:0] notice: init module 0: validator
Mar 8 13:58:28 ipfire unbound: [1565:0] notice: init module 1: iterator
Mar 8 13:58:28 ipfire acpid: starting up with netlink and the input layer
Mar 8 13:58:28 ipfire acpid: 1 rule loaded
Mar 8 13:58:28 ipfire acpid: waiting for events: event logging is off
Mar 8 13:58:28 ipfire unbound: [1565:0] info: start of service (unbound 1.14.0).
Mar 8 13:58:28 ipfire unbound: [1565:0] error: SERVFAIL <. DNSKEY IN>: exceeded the maximum nameserver nxdomains
Mar 8 13:58:29 ipfire kernel: RTL8211E Gigabit Ethernet r8169-0-100:00: attached PHY driver (mii_bus:phy_addr=r8169-0-100:00, irq=MAC)
Mar 8 13:58:29 ipfire kernel: r8169 0000:01:00.0 green0: Link is Down
Mar 8 13:58:29 ipfire kernel: RTL8211E Gigabit Ethernet r8169-0-200:00: attached PHY driver (mii_bus:phy_addr=r8169-0-200:00, irq=MAC)
Mar 8 13:58:29 ipfire kernel: r8169 0000:02:00.0 blue0: Link is Down
Mar 8 13:58:30 ipfire dhcpcd[1724]: dhcpcd-9.4.1 starting
Mar 8 13:58:30 ipfire dhcpcd[1727]: DUID 00:04:03:00:02:00:04:00:05:00:00:06:00:07:00:08:00:09
Mar 8 13:58:30 ipfire kernel: 8021q: 802.1Q VLAN Support v1.8
Mar 8 13:58:30 ipfire dhcpcd[1727]: red0: waiting for carrier
Mar 8 13:58:32 ipfire kernel: ax88179_178a 2-2:1.0 red0: ax88179 - Link status is: 1
Mar 8 13:58:32 ipfire dhcpcd[1727]: red0: carrier acquired
Mar 8 13:58:32 ipfire dhcpcd[1727]: red0: IAID 4c:d6:0f:8b
Mar 8 13:58:32 ipfire dhcpcd[1727]: red0: adding address fe80::8eae:4cff:fed6:f8b
Mar 8 13:58:32 ipfire dhcpcd[1727]: ipv6_addaddr1: Permission denied
Mar 8 13:58:32 ipfire dhcpcd[1727]: red0: soliciting an IPv6 router
Mar 8 13:58:33 ipfire dhcpcd[1727]: red0: soliciting a DHCP lease
Mar 8 13:58:34 ipfire dhcpcd[1727]: red0: offered 192.168.1.129 from 192.168.1.1
Mar 8 13:58:34 ipfire dhcpcd[1727]: red0: probing address 192.168.1.129/24
Mar 8 13:58:39 ipfire dhcpcd[1727]: red0: leased 192.168.1.129 for 86400 seconds
Mar 8 13:58:39 ipfire dhcpcd[1727]: red0: adding route to 192.168.1.0/24
Mar 8 13:58:39 ipfire dhcpcd[1727]: red0: adding default route via 192.168.1.1
Mar 8 13:58:39 ipfire dhcpcd.exe[1757]: red0 has been (re)configured with IP=192.168.1.129
Mar 8 13:58:40 ipfire unbound: [1565:0] info: service stopped (unbound 1.14.0).
Mar 8 13:58:40 ipfire unbound: [1565:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 8 13:58:40 ipfire unbound: [1565:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 8 13:58:40 ipfire unbound: [1565:0] notice: Restart of unbound 1.14.0.
Mar 8 13:58:40 ipfire unbound: [1565:0] notice: init module 0: validator
Mar 8 13:58:40 ipfire unbound: [1565:0] notice: init module 1: iterator
Mar 8 13:58:40 ipfire unbound: [1565:0] info: start of service (unbound 1.14.0).
Mar 8 13:58:40 ipfire unbound: [1565:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Mar 8 13:58:50 ipfire saslauthd[2300]: detach_tty : master pid is: 2300
Mar 8 13:58:50 ipfire saslauthd[2300]: ipc_init : listening on socket: /var/run/saslauthd/mux
Mar 8 13:58:51 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.27.2-x86_64 started!
Mar 8 13:58:51 ipfire pakfire: DOWNLOAD STARTED: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:58:51 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:58:51 ipfire ntpdate[2333]: 167.248.49.102 rate limit response from server.
Mar 8 13:58:52 ipfire pakfire: DOWNLOAD INFO: 2.27.2-x86_64/lists/server-list.db has size of 981 bytes
Mar 8 13:58:53 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
Mar 8 13:58:53 ipfire pakfire: DOWNLOAD INFO: File received. Start checking signature...
Mar 8 13:58:53 ipfire pakfire: DOWNLOAD INFO: Signature of server-list.db is fine.
Mar 8 13:58:53 ipfire pakfire: DOWNLOAD FINISHED: 2.27.2-x86_64/lists/server-list.db
Mar 8 13:58:53 ipfire pakfire: DOWNLOAD STARTED: lists/packages_list.db
Mar 8 13:58:53 ipfire pakfire: MIRROR INFO: 2 servers found in list
Mar 8 13:58:53 ipfire pakfire: DOWNLOAD INFO: Host: ipfire.earl-net.com (HTTPS) - File: pakfire2/2.27.2-x86_64/lists/packages_list.db
Mar 8 13:58:54 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.27.2-x86_64/lists/packages_list.db has size of 4899 bytes
Mar 8 13:58:55 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
Mar 8 13:58:55 ipfire pakfire: DOWNLOAD INFO: File received. Start checking signature...
Mar 8 13:58:55 ipfire pakfire: DOWNLOAD INFO: Signature of packages_list.db is fine.
Mar 8 13:58:55 ipfire pakfire: DOWNLOAD FINISHED: pakfire2/2.27.2-x86_64/lists/packages_list.db
Mar 8 13:58:55 ipfire pakfire: DOWNLOAD STARTED: lists/core-list.db
Mar 8 13:58:55 ipfire pakfire: MIRROR INFO: 2 servers found in list
Mar 8 13:58:55 ipfire pakfire: DOWNLOAD INFO: Host: ipfire.earl-net.com (HTTPS) - File: pakfire2/2.27.2-x86_64/lists/core-list.db
Mar 8 13:58:56 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.27.2-x86_64/lists/core-list.db has size of 903 bytes
Mar 8 13:58:56 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
Mar 8 13:58:56 ipfire pakfire: DOWNLOAD INFO: File received. Start checking signature...
Mar 8 13:58:56 ipfire pakfire: DOWNLOAD INFO: Signature of core-list.db is fine.
Mar 8 13:58:56 ipfire pakfire: DOWNLOAD FINISHED: pakfire2/2.27.2-x86_64/lists/core-list.db
Mar 8 13:58:56 ipfire pakfire: PAKFIRE INFO: Pakfire has finished. Closing.
Mar 8 13:59:00 ipfire ntpdate[2333]: adjust time server 69.164.213.136 offset -0.382018 sec
Mar 8 13:59:00 ipfire ipfire: NTP synchronisation
Mar 8 13:59:02 ipfire ntpd[2378]: ntpd 4.2.8p15@1.3728-o Tue Mar 8 17:01:45 UTC 2022 (1): Starting
Mar 8 13:59:02 ipfire ntpd[2378]: Command line: /usr/bin/ntpd -Ap /var/run/ntpd.pid
Mar 8 13:59:02 ipfire ntpd[2378]: ----------------------------------------------------
Mar 8 13:59:02 ipfire ntpd[2378]: ntp-4 is maintained by Network Time Foundation,
Mar 8 13:59:02 ipfire ntpd[2378]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
Mar 8 13:59:02 ipfire ntpd[2378]: corporation. Support and training for ntp-4 are
Mar 8 13:59:02 ipfire ntpd[2378]: available at https://www.nwtime.org/support
Mar 8 13:59:02 ipfire ntpd[2378]: ----------------------------------------------------
Mar 8 13:59:02 ipfire ntpd[2380]: proto: precision = 0.187 usec (-22)
Mar 8 13:59:02 ipfire ntpd[2380]: basedate set to 2022-02-24
Mar 8 13:59:02 ipfire ntpd[2380]: gps base set to 2022-02-27 (week 2199)
Mar 8 13:59:02 ipfire ntpd[2380]: Listen and drop on 0 v6wildcard [::]:123
Mar 8 13:59:02 ipfire ntpd[2380]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Mar 8 13:59:02 ipfire ntpd[2380]: Listen normally on 2 lo 127.0.0.1:123
Mar 8 13:59:02 ipfire ntpd[2380]: Listen normally on 3 red0 192.168.1.129:123
Mar 8 13:59:02 ipfire ntpd[2380]: Listening on routing socket on fd #20 for interface updates
Mar 8 13:59:02 ipfire ntpd[2380]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Mar 8 13:59:02 ipfire ntpd[2380]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Mar 8 13:59:02 ipfire kernel: it87: Found IT8772E chip at 0xa40, revision 1
Mar 8 13:59:02 ipfire kernel: it87: Beeping is supported
Mar 8 13:59:02 ipfire collectd[2439]: cpufreq plugin: Found 4 CPUs
Mar 8 13:59:02 ipfire collectd[2439]: Initialization complete, entering read-loop.
Mar 8 13:59:02 ipfire dhcpd: Wrote 0 leases to leases file.
Mar 8 13:59:02 ipfire dhcpd: Server starting service.
Mar 8 13:59:16 ipfire login[2546]: ROOT LOGIN on '/dev/console'
Mar 8 14:00:35 ipfire shutdown[2661]: shutting down for system reboot
Mar 8 14:00:35 ipfire init: Switching to runlevel: 6
Mar 8 14:00:35 ipfire init: No inittab.d directory found
Mar 8 14:00:54 ipfire ntpd[2380]: ntpd exiting on signal 15 (Terminated)
Mar 8 14:00:54 ipfire ntpd[2380]: 127.127.1.0 local addr 127.0.0.1 -> <null>
Mar 8 14:00:57 ipfire saslauthd[2300]: server_exit : master exited: 2300
Mar 8 14:00:58 ipfire collectd[2439]: Exiting normally.
Mar 8 14:00:58 ipfire collectd[2439]: collectd: Stopping 1 read threads.
Mar 8 14:00:58 ipfire collectd[2439]: ping plugin: Shutting down thread.
Mar 8 14:00:58 ipfire collectd[2439]: rrdtool plugin: Shutting down the queue thread. This may take a while.
Mar 8 14:00:59 ipfire vnstatd[1512]: SIGTERM received, exiting.
Mar 8 14:01:01 ipfire dhcpcd[2946]: sending signal ALRM to pid 1726
Mar 8 14:01:01 ipfire dhcpcd[2946]: waiting for pid 1726 to exit
Mar 8 14:01:01 ipfire dhcpcd[1727]: received SIGALRM, releasing
Mar 8 14:01:01 ipfire dhcpcd[1727]: red0: removing interface
Mar 8 14:01:01 ipfire dhcpcd[1727]: red0: releasing lease of 192.168.1.129
Mar 8 14:01:01 ipfire dhcpcd[1727]: red0: deleting route to 192.168.1.0/24
Mar 8 14:01:01 ipfire dhcpcd[1727]: red0: deleting default route via 192.168.1.1
Mar 8 14:01:01 ipfire dhcpcd.exe[2947]: red0 has been brought down (STOP)
Mar 8 14:01:02 ipfire unbound: [1565:0] info: service stopped (unbound 1.14.0).
Mar 8 14:01:02 ipfire unbound: [1565:0] info: server stats for thread 0: 14 queries, 5 answers from cache, 9 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 8 14:01:02 ipfire unbound: [1565:0] info: server stats for thread 0: requestlist max 1 avg 0.222222 exceeded 0 jostled 0
Mar 8 14:01:02 ipfire unbound: [1565:0] info: average recursion processing time 0.318249 sec
Mar 8 14:01:02 ipfire unbound: [1565:0] info: histogram of recursion processing times
Mar 8 14:01:02 ipfire unbound: [1565:0] info: [25%]=0.16384 median[50%]=0.340787 [75%]=0.458752
Mar 8 14:01:02 ipfire unbound: [1565:0] info: lower(secs) upper(secs) recursions
Mar 8 14:01:02 ipfire unbound: [1565:0] info: 0.065536 0.131072 2
Mar 8 14:01:02 ipfire unbound: [1565:0] info: 0.131072 0.262144 1
Mar 8 14:01:02 ipfire unbound: [1565:0] info: 0.262144 0.524288 5
Mar 8 14:01:02 ipfire unbound: [1565:0] info: 0.524288 1.000000 1
Mar 8 14:01:03 ipfire acpid: exiting
Mar 8 14:01:04 ipfire kernel: Kernel logging (proc) stopped.
Mar 8 14:01:04 ipfire kernel: Kernel log daemon terminating.
Mar 8 14:01:05 ipfire exiting on signal 15
Mar 8 14:01:57 ipfire syslogd 1.5.1: restart (remote reception).
Mar 8 14:01:57 ipfire unbound: [1576:0] notice: init module 0: validator
Mar 8 14:01:57 ipfire unbound: [1576:0] notice: init module 1: iterator
Mar 8 14:01:57 ipfire acpid: starting up with netlink and the input layer
Mar 8 14:01:57 ipfire acpid: 1 rule loaded
Mar 8 14:01:57 ipfire acpid: waiting for events: event logging is off
Mar 8 14:01:57 ipfire unbound: [1576:0] info: start of service (unbound 1.14.0).
Mar 8 14:01:58 ipfire kernel: RTL8211E Gigabit Ethernet r8169-0-100:00: attached PHY driver (mii_bus:phy_addr=r8169-0-100:00, irq=MAC)
Mar 8 14:01:59 ipfire kernel: r8169 0000:01:00.0 green0: Link is Down
Mar 8 14:01:59 ipfire kernel: RTL8211E Gigabit Ethernet r8169-0-200:00: attached PHY driver (mii_bus:phy_addr=r8169-0-200:00, irq=MAC)
Mar 8 14:01:59 ipfire kernel: r8169 0000:02:00.0 blue0: Link is Down
Mar 8 14:01:59 ipfire dhcpcd[1735]: dhcpcd-9.4.1 starting
Mar 8 14:01:59 ipfire dhcpcd[1738]: DUID 00:04:03:00:02:00:04:00:05:00:00:06:00:07:00:08:00:09
Mar 8 14:01:59 ipfire kernel: 8021q: 802.1Q VLAN Support v1.8
Mar 8 14:01:59 ipfire dhcpcd[1738]: red0: waiting for carrier
Mar 8 14:02:02 ipfire kernel: ax88179_178a 2-2:1.0 red0: ax88179 - Link status is: 1
Mar 8 14:02:02 ipfire dhcpcd[1738]: red0: carrier acquired
Mar 8 14:02:02 ipfire dhcpcd[1738]: red0: IAID 4c:d6:0f:8b
Mar 8 14:02:02 ipfire dhcpcd[1738]: red0: adding address fe80::8eae:4cff:fed6:f8b
Mar 8 14:02:02 ipfire dhcpcd[1738]: ipv6_addaddr1: Permission denied
Mar 8 14:02:02 ipfire dhcpcd[1738]: red0: soliciting a DHCP lease
Mar 8 14:02:02 ipfire dhcpcd[1738]: red0: soliciting an IPv6 router
Mar 8 14:02:03 ipfire dhcpcd[1738]: red0: offered 192.168.1.129 from 192.168.1.1
Mar 8 14:02:03 ipfire dhcpcd[1738]: red0: probing address 192.168.1.129/24
Mar 8 14:02:09 ipfire dhcpcd[1738]: red0: leased 192.168.1.129 for 86400 seconds
Mar 8 14:02:09 ipfire dhcpcd[1738]: red0: adding route to 192.168.1.0/24
Mar 8 14:02:09 ipfire dhcpcd[1738]: red0: adding default route via 192.168.1.1
Mar 8 14:02:09 ipfire dhcpcd.exe[1768]: red0 has been (re)configured with IP=192.168.1.129
Mar 8 14:02:11 ipfire unbound: [1576:0] info: service stopped (unbound 1.14.0).
Mar 8 14:02:11 ipfire unbound: [1576:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 8 14:02:11 ipfire unbound: [1576:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 8 14:02:11 ipfire unbound: [1576:0] notice: Restart of unbound 1.14.0.
Mar 8 14:02:11 ipfire unbound: [1576:0] notice: init module 0: validator
Mar 8 14:02:11 ipfire unbound: [1576:0] notice: init module 1: iterator
Mar 8 14:02:11 ipfire unbound: [1576:0] info: start of service (unbound 1.14.0).
Mar 8 14:02:11 ipfire unbound: [1576:0] error: SERVFAIL <ping.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:11 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=17615 PROTO=UDP SPT=21925 DPT=53 LEN=52
Mar 8 14:02:11 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=33244 PROTO=UDP SPT=7445 DPT=53 LEN=52
Mar 8 14:02:11 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=32246 PROTO=UDP SPT=58516 DPT=53 LEN=52
Mar 8 14:02:11 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=60561 PROTO=UDP SPT=28958 DPT=53 LEN=52
Mar 8 14:02:11 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=32299 PROTO=UDP SPT=43865 DPT=53 LEN=52
Mar 8 14:02:11 ipfire unbound: [1576:0] error: SERVFAIL <0.ipfire.pool.ntp.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:11 ipfire unbound: [1576:0] error: SERVFAIL <1.ipfire.pool.ntp.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:11 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=81.3.27.46 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=53320 DF PROTO=UDP SPT=49630 DPT=123 LEN=56
Mar 8 14:02:11 ipfire unbound: [1576:0] error: SERVFAIL <46.27.3.81.in-addr.arpa. PTR IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:11 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=21480 PROTO=UDP SPT=63512 DPT=53 LEN=60
Mar 8 14:02:11 ipfire ntpdate[1967]: sendto(81.3.27.46): Operation not permitted
Mar 8 14:02:13 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=81.3.27.46 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=55106 DF PROTO=UDP SPT=49630 DPT=123 LEN=56
Mar 8 14:02:13 ipfire ntpdate[1967]: sendto(81.3.27.46): Operation not permitted
Mar 8 14:02:15 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=81.3.27.46 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=56113 DF PROTO=UDP SPT=49630 DPT=123 LEN=56
Mar 8 14:02:15 ipfire ntpdate[1967]: sendto(81.3.27.46): Operation not permitted
Mar 8 14:02:17 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=81.3.27.46 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=57298 DF PROTO=UDP SPT=49630 DPT=123 LEN=56
Mar 8 14:02:17 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=13552 PROTO=UDP SPT=48472 DPT=53 LEN=60
Mar 8 14:02:17 ipfire unbound: [1576:0] error: SERVFAIL <46.27.3.81.in-addr.arpa. PTR IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:17 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=33955 PROTO=UDP SPT=42541 DPT=53 LEN=60
Mar 8 14:02:17 ipfire ntpdate[1967]: sendto(81.3.27.46): Operation not permitted
Mar 8 14:02:17 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=44766 PROTO=UDP SPT=24819 DPT=53 LEN=60
Mar 8 14:02:17 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=6388 PROTO=UDP SPT=27889 DPT=53 LEN=60
Mar 8 14:02:19 ipfire ntpdate[1967]: no server suitable for synchronization found
Mar 8 14:02:19 ipfire ipfire: ntpdate error
Mar 8 14:02:27 ipfire unbound: [1576:0] error: SERVFAIL <fireinfo.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:27 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=43588 PROTO=UDP SPT=57956 DPT=53 LEN=56
Mar 8 14:02:27 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=33251 PROTO=UDP SPT=33145 DPT=53 LEN=56
Mar 8 14:02:27 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=47272 PROTO=UDP SPT=20544 DPT=53 LEN=56
Mar 8 14:02:27 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=39616 PROTO=UDP SPT=40560 DPT=53 LEN=56
Mar 8 14:02:27 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=15845 PROTO=UDP SPT=47586 DPT=53 LEN=56
Mar 8 14:02:27 ipfire unbound: [1576:0] error: SERVFAIL <fireinfo.ipfire.org. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:27 ipfire unbound: [1576:0] error: SERVFAIL <fireinfo.ipfire.org.localdomain. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:27 ipfire unbound: [1576:0] error: SERVFAIL <fireinfo.ipfire.org.localdomain. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:27 ipfire Profile was not sent propertly: [Errno -2] Name or service not known
Mar 8 14:02:27 ipfire saslauthd[2341]: detach_tty : master pid is: 2341
Mar 8 14:02:27 ipfire saslauthd[2341]: ipc_init : listening on socket: /var/run/saslauthd/mux
Mar 8 14:02:27 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=34432 PROTO=UDP SPT=15857 DPT=53 LEN=58
Mar 8 14:02:27 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=27731 PROTO=UDP SPT=57771 DPT=53 LEN=58
Mar 8 14:02:27 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=54577 PROTO=UDP SPT=10377 DPT=53 LEN=58
Mar 8 14:02:27 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=27634 PROTO=UDP SPT=7891 DPT=53 LEN=58
Mar 8 14:02:27 ipfire unbound: [1576:0] error: SERVFAIL <0.ipfire.pool.ntp.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:27 ipfire unbound: [1576:0] error: SERVFAIL <0.ipfire.pool.ntp.org. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:27 ipfire unbound: [1576:0] error: SERVFAIL <0.ipfire.pool.ntp.org.localdomain. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:27 ipfire unbound: [1576:0] error: SERVFAIL <0.ipfire.pool.ntp.org.localdomain. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:27 ipfire ntpdate[2374]: Can't find host 0.ipfire.pool.ntp.org: Name or service not known (-2)
Mar 8 14:02:27 ipfire unbound: [1576:0] error: SERVFAIL <1.ipfire.pool.ntp.org. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:27 ipfire unbound: [1576:0] error: SERVFAIL <1.ipfire.pool.ntp.org. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:27 ipfire unbound: [1576:0] error: SERVFAIL <1.ipfire.pool.ntp.org.localdomain. A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:27 ipfire unbound: [1576:0] error: SERVFAIL <1.ipfire.pool.ntp.org.localdomain. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
Mar 8 14:02:27 ipfire ntpdate[2374]: Can't find host 1.ipfire.pool.ntp.org: Name or service not known (-2)
Mar 8 14:02:27 ipfire ntpdate[2374]: no servers can be used, exiting
Mar 8 14:02:27 ipfire ipfire: ntpdate error
Mar 8 14:02:27 ipfire ntpd[2381]: ntpd 4.2.8p15@1.3728-o Tue Mar 8 17:01:45 UTC 2022 (1): Starting
Mar 8 14:02:27 ipfire ntpd[2381]: Command line: /usr/bin/ntpd -Ap /var/run/ntpd.pid
Mar 8 14:02:27 ipfire ntpd[2381]: ----------------------------------------------------
Mar 8 14:02:27 ipfire ntpd[2381]: ntp-4 is maintained by Network Time Foundation,
Mar 8 14:02:27 ipfire ntpd[2381]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
Mar 8 14:02:27 ipfire ntpd[2381]: corporation. Support and training for ntp-4 are
Mar 8 14:02:27 ipfire ntpd[2381]: available at https://www.nwtime.org/support
Mar 8 14:02:27 ipfire ntpd[2381]: ----------------------------------------------------
Mar 8 14:02:27 ipfire ntpd[2383]: proto: precision = 0.187 usec (-22)
Mar 8 14:02:27 ipfire ntpd[2383]: basedate set to 2022-02-24
Mar 8 14:02:27 ipfire ntpd[2383]: gps base set to 2022-02-27 (week 2199)
Mar 8 14:02:27 ipfire ntpd[2383]: Listen and drop on 0 v6wildcard [::]:123
Mar 8 14:02:27 ipfire ntpd[2383]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Mar 8 14:02:27 ipfire ntpd[2383]: Listen normally on 2 lo 127.0.0.1:123
Mar 8 14:02:27 ipfire ntpd[2383]: Listen normally on 3 red0 192.168.1.129:123
Mar 8 14:02:27 ipfire ntpd[2383]: Listening on routing socket on fd #20 for interface updates
Mar 8 14:02:27 ipfire ntpd[2383]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Mar 8 14:02:27 ipfire ntpd[2383]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Mar 8 14:02:27 ipfire kernel: it87: Found IT8772E chip at 0xa40, revision 1
Mar 8 14:02:27 ipfire kernel: it87: Beeping is supported
Mar 8 14:02:28 ipfire collectd[2442]: cpufreq plugin: Found 4 CPUs
Mar 8 14:02:28 ipfire collectd[2442]: Initialization complete, entering read-loop.
Mar 8 14:02:28 ipfire collectd[2442]: ping plugin: ping_send failed: Operation not permitted
Mar 8 14:02:28 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=48439 DF PROTO=ICMP TYPE=8 CODE=0 ID=22634 SEQ=0
Mar 8 14:02:28 ipfire dhcpd: Wrote 0 leases to leases file.
Mar 8 14:02:28 ipfire dhcpd: Server starting service.
Mar 8 14:02:28 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.27.2-x86_64 started!
Mar 8 14:02:28 ipfire pakfire: MIRROR INFO: server-list.db is 215 seconds old. - DEBUG: noforce
Mar 8 14:02:28 ipfire pakfire: DB INFO: packages_list.db is 213 seconds old. - DEBUG: noforce
Mar 8 14:02:28 ipfire pakfire: CORE INFO: core-list.db is 212 seconds old. - DEBUG: noforce
Mar 8 14:02:28 ipfire pakfire: PAKFIRE INFO: Pakfire has finished. Closing.
Mar 8 14:02:33 ipfire login[2557]: ROOT LOGIN on '/dev/console'
Mar 8 14:02:39 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=55868 DF PROTO=ICMP TYPE=8 CODE=0 ID=58352 SEQ=1
Mar 8 14:02:40 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=56240 DF PROTO=ICMP TYPE=8 CODE=0 ID=58352 SEQ=2
Mar 8 14:02:41 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=56773 DF PROTO=ICMP TYPE=8 CODE=0 ID=58352 SEQ=3
Mar 8 14:02:42 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=56937 DF PROTO=ICMP TYPE=8 CODE=0 ID=58352 SEQ=4
Mar 8 14:02:58 ipfire collectd[2442]: ping plugin: ping_send failed: Operation not permitted
Mar 8 14:02:58 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=59582 DF PROTO=ICMP TYPE=8 CODE=0 ID=22634 SEQ=0
Mar 8 14:03:28 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=61749 DF PROTO=ICMP TYPE=8 CODE=0 ID=22634 SEQ=0
Mar 8 14:03:39 ipfire login[2558]: ROOT LOGIN on '/dev/tty2'
Mar 8 14:03:42 ipfire kernel: usb 1-5.3: new high-speed USB device number 6 using xhci_hcd
Mar 8 14:03:43 ipfire kernel: usb 1-5.3: New USB device found, idVendor=067b, idProduct=2515, bcdDevice= 1.00
Mar 8 14:03:43 ipfire kernel: usb 1-5.3: New USB device strings: Mfr=1, Product=3, SerialNumber=0
Mar 8 14:03:43 ipfire kernel: usb 1-5.3: Product: USB Embedded Hub
Mar 8 14:03:43 ipfire kernel: usb 1-5.3: Manufacturer: Prolific Technology Inc.
Mar 8 14:03:43 ipfire kernel: hub 1-5.3:1.0: USB hub found
Mar 8 14:03:43 ipfire kernel: hub 1-5.3:1.0: 1 port detected
Mar 8 14:03:43 ipfire kernel: hub 1-5.3:1.0: hub_ext_port_status failed (err = -71)
Mar 8 14:03:43 ipfire kernel: usb 1-5.3: USB disconnect, device number 6
Mar 8 14:03:43 ipfire kernel: usb 1-5.3: new high-speed USB device number 7 using xhci_hcd
Mar 8 14:03:43 ipfire kernel: usb 1-5.3: New USB device found, idVendor=067b, idProduct=2515, bcdDevice= 1.00
Mar 8 14:03:43 ipfire kernel: usb 1-5.3: New USB device strings: Mfr=1, Product=3, SerialNumber=0
Mar 8 14:03:43 ipfire kernel: usb 1-5.3: Product: USB Embedded Hub
Mar 8 14:03:43 ipfire kernel: usb 1-5.3: Manufacturer: Prolific Technology Inc.
Mar 8 14:03:43 ipfire kernel: hub 1-5.3:1.0: USB hub found
Mar 8 14:03:43 ipfire kernel: hub 1-5.3:1.0: 1 port detected
Mar 8 14:03:43 ipfire kernel: usb 1-5.3.1: new high-speed USB device number 8 using xhci_hcd
Mar 8 14:03:43 ipfire kernel: usb 1-5.3.1: New USB device found, idVendor=067b, idProduct=2517, bcdDevice= 1.00
Mar 8 14:03:43 ipfire kernel: usb 1-5.3.1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
Mar 8 14:03:43 ipfire kernel: usb 1-5.3.1: Product: USB Mass Storage Device
Mar 8 14:03:43 ipfire kernel: usb 1-5.3.1: Manufacturer: Prolific Technology Inc.
Mar 8 14:03:43 ipfire kernel: usb-storage 1-5.3.1:1.0: USB Mass Storage device detected
Mar 8 14:03:43 ipfire kernel: scsi host2: usb-storage 1-5.3.1:1.0
Mar 8 14:03:44 ipfire kernel: scsi 2:0:0:0: Direct-Access IOCELL CELLDISK2.0 1.00 PQ: 0 ANSI: 0 CCS
Mar 8 14:03:44 ipfire kernel: sd 2:0:0:0: Attached scsi generic sg1 type 0
Mar 8 14:03:44 ipfire kernel: sd 2:0:0:0: [sdb] 2031616 512-byte logical blocks: (1.04 GB/992 MiB)
Mar 8 14:03:44 ipfire kernel: sd 2:0:0:0: [sdb] Write Protect is off
Mar 8 14:03:44 ipfire kernel: sd 2:0:0:0: [sdb] No Caching mode page found
Mar 8 14:03:44 ipfire kernel: sd 2:0:0:0: [sdb] Assuming drive cache: write through
Mar 8 14:03:44 ipfire kernel: sdb: sdb1
Mar 8 14:03:44 ipfire kernel: sd 2:0:0:0: [sdb] Attached SCSI removable disk
Mar 8 14:03:58 ipfire collectd[2442]: ping plugin: ping_send failed: Operation not permitted
Mar 8 14:03:58 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=13774 DF PROTO=ICMP TYPE=8 CODE=0 ID=22634 SEQ=0
Mar 8 14:04:00 ipfire kernel: FAT-fs (sdb1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
Mar 8 14:04:28 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.129 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=22516 DF PROTO=ICMP TYPE=8 CODE=0 ID=22634 SEQ=0
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Testing Issues with core165 Development Build: next/cad86575
2022-03-08 20:13 ` Charles Brown
@ 2022-03-11 16:28 ` Michael Tremer
2022-03-11 23:40 ` Charles Brown
0 siblings, 1 reply; 9+ messages in thread
From: Michael Tremer @ 2022-03-11 16:28 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1981 bytes --]
Hello,
I tried to reproduce this and I can’t.
Could you please send the output of “iptables -L -nv” to help me debug this?
-Michael
> On 8 Mar 2022, at 20:13, Charles Brown <cab_77573(a)yahoo.com> wrote:
>
> Just tried again with next/2022-03-08 09:59:43 +0000-32ce7ab4/x86_64
> It seems simple to reproduce. See attached log.
> At initial boot after fresh install, cannot ping local private address gateway -- DROP_HOSTILE
> After editing settings in /var/ipfiire/optionsfw/settings -- changing DROPHOSTILE to off -- and rebooting, things worked as expected.
> I then changed DROPHOSTILE setting to on and rebooted -- resulting again with DROP_HOSTILE when pinging my local gateway.
>
>
> On 3/8/2022 9:47 AM, Michael Tremer wrote:
>> Hello Charles,
>>
>>> On 7 Mar 2022, at 12:26, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>>
>>> Did a fresh install of core165 Development Build: next/cad86575
>>>
>>> 1) Private Network is ‘Hostile’ – should it be?
>> No, it shouldn’t.
>>
>>> Initially, I had no access to red zone. All traffic was getting DROP_HOSTILE.
>>> My test setup has gateway through a 192.168 private network. Could not ping my 192.168 gateway without disabling the “drop hostile” feature. Somehow I thought that private network range would not be considered ‘hostile’.
>> Do you have some log files so I can look at what matched?
>>
>> What build are you running?
>>
>> -Michael
>>
>>> 2) Web page ids.cgi stops loading after header
>>> The page header down through "Intrusion Prevention System <?>" is displayed and then stops -- nothing else on the page
>>> Log in httpd error shows as:
>>> "Unable to read file /var/ipfire/suricata/ignored at /var/ipfire/general-functions.pl line 883. "
>>> I went to the directory and created the 'ignored' file and chowned it to nobody:nobody.
>>> That allowed the page to complete loading
>>>
>>> -cab
>>>
> <hostile_private_net.log>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Testing Issues with core165 Development Build: next/cad86575
2022-03-11 16:28 ` Michael Tremer
@ 2022-03-11 23:40 ` Charles Brown
2022-03-17 15:52 ` Michael Tremer
0 siblings, 1 reply; 9+ messages in thread
From: Charles Brown @ 2022-03-11 23:40 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2424 bytes --]
True, it is not reproducible with latest c165 build.
However, I punted back to "core165 Development Build: next/cad86575" to
test my sanity, the glitch was quite reproducible.
Logs are attached: /var/log/messages; the (a) iptables output at first
boot; the (b) iptables output after changing hostile fw option to off
and rebooting
.
On 3/11/2022 10:28 AM, Michael Tremer wrote:
> Hello,
>
> I tried to reproduce this and I can’t.
>
> Could you please send the output of “iptables -L -nv” to help me debug this?
>
> -Michael
>
>> On 8 Mar 2022, at 20:13, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>
>> Just tried again with next/2022-03-08 09:59:43 +0000-32ce7ab4/x86_64
>> It seems simple to reproduce. See attached log.
>> At initial boot after fresh install, cannot ping local private address gateway -- DROP_HOSTILE
>> After editing settings in /var/ipfiire/optionsfw/settings -- changing DROPHOSTILE to off -- and rebooting, things worked as expected.
>> I then changed DROPHOSTILE setting to on and rebooted -- resulting again with DROP_HOSTILE when pinging my local gateway.
>>
>>
>> On 3/8/2022 9:47 AM, Michael Tremer wrote:
>>> Hello Charles,
>>>
>>>> On 7 Mar 2022, at 12:26, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>>>
>>>> Did a fresh install of core165 Development Build: next/cad86575
>>>>
>>>> 1) Private Network is ‘Hostile’ – should it be?
>>> No, it shouldn’t.
>>>
>>>> Initially, I had no access to red zone. All traffic was getting DROP_HOSTILE.
>>>> My test setup has gateway through a 192.168 private network. Could not ping my 192.168 gateway without disabling the “drop hostile” feature. Somehow I thought that private network range would not be considered ‘hostile’.
>>> Do you have some log files so I can look at what matched?
>>>
>>> What build are you running?
>>>
>>> -Michael
>>>
>>>> 2) Web page ids.cgi stops loading after header
>>>> The page header down through "Intrusion Prevention System <?>" is displayed and then stops -- nothing else on the page
>>>> Log in httpd error shows as:
>>>> "Unable to read file /var/ipfire/suricata/ignored at /var/ipfire/general-functions.pl line 883. "
>>>> I went to the directory and created the 'ignored' file and chowned it to nobody:nobody.
>>>> That allowed the page to complete loading
>>>>
>>>> -cab
>>>>
>> <hostile_private_net.log>
[-- Attachment #2: var_log_messages.txt --]
[-- Type: text/plain, Size: 4923 bytes --]
Mar 11 17:01:23 ipfire pakfire: DOWNLOAD INFO: 2.27.2-x86_64/lists/server-list.db has size of bytes
Mar 11 17:01:23 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
Mar 11 17:01:23 ipfire pakfire: Giving up: There was no chance to get the file 2.27.2-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.
Mar 11 17:01:23 ipfire pakfire: MIRROR ERROR: Could not find or download a server list
Mar 11 17:01:26 ipfire kernel: usb 1-5.3: new high-speed USB device number 6 using xhci_hcd
Mar 11 17:01:26 ipfire kernel: usb 1-5.3: New USB device found, idVendor=067b, idProduct=2515, bcdDevice= 1.00
Mar 11 17:01:26 ipfire kernel: usb 1-5.3: New USB device strings: Mfr=1, Product=3, SerialNumber=0
Mar 11 17:01:26 ipfire kernel: usb 1-5.3: Product: USB Embedded Hub
Mar 11 17:01:26 ipfire kernel: usb 1-5.3: Manufacturer: Prolific Technology Inc.
Mar 11 17:01:26 ipfire kernel: hub 1-5.3:1.0: USB hub found
Mar 11 17:01:26 ipfire kernel: hub 1-5.3:1.0: 1 port detected
Mar 11 17:01:26 ipfire kernel: usb 1-5.3.1: new high-speed USB device number 7 using xhci_hcd
Mar 11 17:01:26 ipfire kernel: usb 1-5.3.1: New USB device found, idVendor=067b, idProduct=2517, bcdDevice= 1.00
Mar 11 17:01:26 ipfire kernel: usb 1-5.3.1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
Mar 11 17:01:26 ipfire kernel: usb 1-5.3.1: Product: USB Mass Storage Device
Mar 11 17:01:26 ipfire kernel: usb 1-5.3.1: Manufacturer: Prolific Technology Inc.
Mar 11 17:01:26 ipfire kernel: usb-storage 1-5.3.1:1.0: USB Mass Storage device detected
Mar 11 17:01:26 ipfire kernel: scsi host2: usb-storage 1-5.3.1:1.0
Mar 11 17:01:27 ipfire kernel: usb 1-5.3: USB disconnect, device number 6
Mar 11 17:01:27 ipfire kernel: usb 1-5.3.1: USB disconnect, device number 7
Mar 11 17:01:27 ipfire kernel: usb 1-5.3: new high-speed USB device number 8 using xhci_hcd
Mar 11 17:01:27 ipfire kernel: usb 1-5.3: New USB device found, idVendor=067b, idProduct=2515, bcdDevice= 1.00
Mar 11 17:01:27 ipfire kernel: usb 1-5.3: New USB device strings: Mfr=1, Product=3, SerialNumber=0
Mar 11 17:01:27 ipfire kernel: usb 1-5.3: Product: USB Embedded Hub
Mar 11 17:01:27 ipfire kernel: usb 1-5.3: Manufacturer: Prolific Technology Inc.
Mar 11 17:01:27 ipfire kernel: hub 1-5.3:1.0: USB hub found
Mar 11 17:01:27 ipfire kernel: hub 1-5.3:1.0: 1 port detected
Mar 11 17:01:27 ipfire kernel: usb 1-5.3.1: new high-speed USB device number 9 using xhci_hcd
Mar 11 17:01:27 ipfire kernel: usb 1-5.3.1: New USB device found, idVendor=067b, idProduct=2517, bcdDevice= 1.00
Mar 11 17:01:27 ipfire kernel: usb 1-5.3.1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
Mar 11 17:01:27 ipfire kernel: usb 1-5.3.1: Product: USB Mass Storage Device
Mar 11 17:01:27 ipfire kernel: usb 1-5.3.1: Manufacturer: Prolific Technology Inc.
Mar 11 17:01:27 ipfire kernel: usb-storage 1-5.3.1:1.0: USB Mass Storage device detected
Mar 11 17:01:27 ipfire kernel: scsi host2: usb-storage 1-5.3.1:1.0
Mar 11 17:01:28 ipfire kernel: scsi 2:0:0:0: Direct-Access IOCELL CELLDISK2.0 1.00 PQ: 0 ANSI: 0 CCS
Mar 11 17:01:28 ipfire kernel: sd 2:0:0:0: Attached scsi generic sg1 type 0
Mar 11 17:01:28 ipfire kernel: sd 2:0:0:0: [sdb] 2031616 512-byte logical blocks: (1.04 GB/992 MiB)
Mar 11 17:01:28 ipfire kernel: sd 2:0:0:0: [sdb] Write Protect is off
Mar 11 17:01:28 ipfire kernel: sd 2:0:0:0: [sdb] No Caching mode page found
Mar 11 17:01:28 ipfire kernel: sd 2:0:0:0: [sdb] Assuming drive cache: write through
Mar 11 17:01:28 ipfire kernel: sdb: sdb1
Mar 11 17:01:28 ipfire kernel: sd 2:0:0:0: [sdb] Attached SCSI removable disk
Mar 11 17:01:33 ipfire login[2563]: ROOT LOGIN on '/dev/console'
Mar 11 17:01:46 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.131 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=31409 DF PROTO=ICMP TYPE=8 CODE=0 ID=8259 SEQ=1
Mar 11 17:01:47 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.131 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=31440 DF PROTO=ICMP TYPE=8 CODE=0 ID=8259 SEQ=2
Mar 11 17:01:48 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.131 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=32110 DF PROTO=ICMP TYPE=8 CODE=0 ID=8259 SEQ=3
Mar 11 17:01:49 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.131 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=32789 DF PROTO=ICMP TYPE=8 CODE=0 ID=8259 SEQ=4
Mar 11 17:01:52 ipfire collectd[2444]: ping plugin: ping_send failed: Operation not permitted
Mar 11 17:01:52 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.131 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=33416 DF PROTO=ICMP TYPE=8 CODE=0 ID=39368 SEQ=0
Mar 11 17:02:22 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=192.168.1.131 DST=192.168.1.1 LEN=104 TOS=0x00 PREC=0x00 TTL=255 ID=57998 DF PROTO=ICMP TYPE=8 CODE=0 ID=39368 SEQ=0
[-- Attachment #3: iptables_L_nv_a.txt --]
[-- Type: text/plain, Size: 19727 bytes --]
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 IPSBYPASS all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xc0000000/0xc0000000
3700 203K BADTCP tcp -- * * 0.0.0.0/0 0.0.0.0/0
3869 215K CUSTOMINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
3869 215K GUARDIAN all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 OVPNBLOCK all -- tun+ * 0.0.0.0/0 0.0.0.0/0
3869 215K IPS_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xc0000000
3869 215K IPTVINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
3869 215K ICMPINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
3869 215K LOOPBACK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CAPTIVE_PORTAL all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CONNTRACK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DHCPGREENINPUT all -- green0 * 0.0.0.0/0 0.0.0.0/0
0 0 DHCPBLUEINPUT all -- blue0 * 0.0.0.0/0 0.0.0.0/0
0 0 HOSTILE all -- red0 * 0.0.0.0/0 0.0.0.0/0
0 0 TOR_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOCATIONBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IPSECINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 GUIINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 WIRELESSINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
0 0 OVPNINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 INPUTFW all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REDINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 POLICYIN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 IPSBYPASS all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xc0000000/0xc0000000
0 0 BADTCP tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 CUSTOMFORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 GUARDIAN all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IPSECBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none
0 0 OVPNBLOCK all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 OVPNBLOCK all -- * tun+ 0.0.0.0/0 0.0.0.0/0
0 0 IPS_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xc0000000
0 0 IPTVFORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOOPBACK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CAPTIVE_PORTAL all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CONNTRACK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 HOSTILE all -- red0 * 0.0.0.0/0 0.0.0.0/0
0 0 HOSTILE all -- * red0 0.0.0.0/0 0.0.0.0/0
0 0 LOCATIONBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IPSECFORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 WIRELESSFORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
0 0 FORWARDFW all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REDFORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 POLICYFWD all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 IPSBYPASS all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xc0000000/0xc0000000
3984 225K CUSTOMOUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
3984 225K IPSECBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none
3984 225K IPS_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xc0000000
3984 225K LOOPBACK all -- * * 0.0.0.0/0 0.0.0.0/0
115 9398 CONNTRACK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DHCPGREENOUTPUT all -- * green0 0.0.0.0/0 0.0.0.0/0
0 0 DHCPBLUEOUTPUT all -- * blue0 0.0.0.0/0 0.0.0.0/0
115 9398 HOSTILE all -- * red0 0.0.0.0/0 0.0.0.0/0
0 0 IPSECOUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 TOR_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 OUTGOINGFW all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 POLICYOUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain BADTCP (2 references)
pkts bytes target prot opt in out source destination
3700 203K RETURN all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 NEWNOTSYN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 ctstate NEW
Chain CAPTIVE_PORTAL (2 references)
pkts bytes target prot opt in out source destination
Chain CAPTIVE_PORTAL_CLIENTS (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 limit: up to 3kb/s burst 1mb mode srcip
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 limit: up to 3kb/s burst 1mb mode srcip
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain CONNTRACK (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED
0 0 CTINVALID all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
Chain CTINVALID (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix "DROP_CTINVALID "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_CTINVALID */
Chain CUSTOMFORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain CUSTOMINPUT (1 references)
pkts bytes target prot opt in out source destination
Chain CUSTOMOUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain DHCPBLUEINPUT (1 references)
pkts bytes target prot opt in out source destination
Chain DHCPBLUEOUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain DHCPGREENINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 DHCPINPUT all -- green0 * 0.0.0.0/0 0.0.0.0/0
Chain DHCPGREENOUTPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 DHCPOUTPUT all -- * green0 0.0.0.0/0 0.0.0.0/0
Chain DHCPINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
Chain DHCPOUTPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
Chain FORWARDFW (1 references)
pkts bytes target prot opt in out source destination
Chain GUARDIAN (2 references)
pkts bytes target prot opt in out source destination
Chain GUIINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- green0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:444
Chain HOSTILE (4 references)
pkts bytes target prot opt in out source destination
39 3195 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix "DROP_HOSTILE "
115 9398 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_HOSTILE */
Chain ICMPINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
Chain INPUTFW (1 references)
pkts bytes target prot opt in out source destination
Chain IPSBYPASS (3 references)
pkts bytes target prot opt in out source destination
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save mask 0x7fffffff
Chain IPSECBLOCK (2 references)
pkts bytes target prot opt in out source destination
Chain IPSECFORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain IPSECINPUT (1 references)
pkts bytes target prot opt in out source destination
Chain IPSECOUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain IPS_FORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain IPS_INPUT (1 references)
pkts bytes target prot opt in out source destination
Chain IPS_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain IPTVFORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain IPTVINPUT (1 references)
pkts bytes target prot opt in out source destination
Chain LOCATIONBLOCK (2 references)
pkts bytes target prot opt in out source destination
Chain LOG_DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOG_REJECT (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain LOOPBACK (3 references)
pkts bytes target prot opt in out source destination
3869 215K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3869 215K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 SPOOFED_MARTIAN all -- * * 127.0.0.0/8 0.0.0.0/0
0 0 SPOOFED_MARTIAN all -- * * 0.0.0.0/0 127.0.0.0/8
Chain NEWNOTSYN (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix "DROP_NEWNOTSYN "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_NEWNOTSYN */
Chain OUTGOINGFW (1 references)
pkts bytes target prot opt in out source destination
Chain OVPNBLOCK (3 references)
pkts bytes target prot opt in out source destination
0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
Chain OVPNINPUT (1 references)
pkts bytes target prot opt in out source destination
Chain POLICYFWD (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- green0 * 192.168.2.0/24 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol ipsec
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- blue0 red0 192.168.3.0/24 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix "DROP_FORWARD "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_FORWARD */
Chain POLICYIN (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:514
0 0 ACCEPT all -- green0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- blue0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol ipsec
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix "DROP_INPUT "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_INPUT */
Chain POLICYOUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_OUTPUT */
Chain PSCAN (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 /* DROP_TCP PScan */ LOG flags 0 level 4 prefix "DROP_TCP Scan "
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 /* DROP_UDP PScan */ LOG flags 0 level 4 prefix "DROP_UDP Scan "
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 /* DROP_ICMP PScan */ LOG flags 0 level 4 prefix "DROP_ICMP Scan "
0 0 LOG all -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 /* DROP_FRAG PScan */ LOG flags 0 level 4 prefix "DROP_FRAG Scan "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_PScan */
Chain REDFORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain REDINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 SPOOFED_MARTIAN all -- red0 * 192.168.1.131 0.0.0.0/0
0 0 ACCEPT tcp -- red0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
0 0 ACCEPT udp -- red0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
Chain SPOOFED_MARTIAN (3 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix "DROP_SPOOFED_MARTIAN "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_SPOOFED_MARTIAN */
Chain TOR_INPUT (1 references)
pkts bytes target prot opt in out source destination
Chain TOR_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain WIRELESSFORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- blue0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "DROP_Wirelessforward"
0 0 DROP all -- blue0 * 0.0.0.0/0 0.0.0.0/0 /* DROP_Wirelessforward */
Chain WIRELESSINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- blue0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "DROP_Wirelessinput"
0 0 DROP all -- blue0 * 0.0.0.0/0 0.0.0.0/0 /* DROP_Wirelessinput */
[-- Attachment #4: iptables_L_nv_b.txt --]
[-- Type: text/plain, Size: 19461 bytes --]
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 IPSBYPASS all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xc0000000/0xc0000000
7293 5494K BADTCP tcp -- * * 0.0.0.0/0 0.0.0.0/0
7381 5515K CUSTOMINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
7381 5515K GUARDIAN all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 OVPNBLOCK all -- tun+ * 0.0.0.0/0 0.0.0.0/0
7381 5515K IPS_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xc0000000
7381 5515K IPTVINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
7381 5515K ICMPINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
7381 5515K LOOPBACK all -- * * 0.0.0.0/0 0.0.0.0/0
3673 5310K CAPTIVE_PORTAL all -- * * 0.0.0.0/0 0.0.0.0/0
3673 5310K CONNTRACK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DHCPGREENINPUT all -- green0 * 0.0.0.0/0 0.0.0.0/0
0 0 DHCPBLUEINPUT all -- blue0 * 0.0.0.0/0 0.0.0.0/0
0 0 HOSTILE all -- red0 * 0.0.0.0/0 0.0.0.0/0
0 0 TOR_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOCATIONBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IPSECINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 GUIINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 WIRELESSINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
0 0 OVPNINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 INPUTFW all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REDINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 POLICYIN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 IPSBYPASS all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xc0000000/0xc0000000
0 0 BADTCP tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 CUSTOMFORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 GUARDIAN all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IPSECBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none
0 0 OVPNBLOCK all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 OVPNBLOCK all -- * tun+ 0.0.0.0/0 0.0.0.0/0
0 0 IPS_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xc0000000
0 0 IPTVFORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOOPBACK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CAPTIVE_PORTAL all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CONNTRACK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 HOSTILE all -- red0 * 0.0.0.0/0 0.0.0.0/0
0 0 HOSTILE all -- * red0 0.0.0.0/0 0.0.0.0/0
0 0 LOCATIONBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 IPSECFORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 WIRELESSFORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
0 0 FORWARDFW all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REDFORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 POLICYFWD all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 IPSBYPASS all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xc0000000/0xc0000000
4856 276K CUSTOMOUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
4856 276K IPSECBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none
4856 276K IPS_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0xc0000000
4856 276K LOOPBACK all -- * * 0.0.0.0/0 0.0.0.0/0
1148 70442 CONNTRACK all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DHCPGREENOUTPUT all -- * green0 0.0.0.0/0 0.0.0.0/0
0 0 DHCPBLUEOUTPUT all -- * blue0 0.0.0.0/0 0.0.0.0/0
77 5787 HOSTILE all -- * red0 0.0.0.0/0 0.0.0.0/0
77 5787 IPSECOUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
77 5787 TOR_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
77 5787 OUTGOINGFW all -- * * 0.0.0.0/0 0.0.0.0/0
77 5787 POLICYOUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain BADTCP (2 references)
pkts bytes target prot opt in out source destination
3668 202K RETURN all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 NEWNOTSYN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 ctstate NEW
Chain CAPTIVE_PORTAL (2 references)
pkts bytes target prot opt in out source destination
Chain CAPTIVE_PORTAL_CLIENTS (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 limit: up to 3kb/s burst 1mb mode srcip
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 limit: up to 3kb/s burst 1mb mode srcip
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain CONNTRACK (3 references)
pkts bytes target prot opt in out source destination
4720 5372K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED
19 988 CTINVALID all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
5 1644 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
Chain CTINVALID (1 references)
pkts bytes target prot opt in out source destination
19 988 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix "DROP_CTINVALID "
19 988 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_CTINVALID */
Chain CUSTOMFORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain CUSTOMINPUT (1 references)
pkts bytes target prot opt in out source destination
Chain CUSTOMOUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain DHCPBLUEINPUT (1 references)
pkts bytes target prot opt in out source destination
Chain DHCPBLUEOUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain DHCPGREENINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 DHCPINPUT all -- green0 * 0.0.0.0/0 0.0.0.0/0
Chain DHCPGREENOUTPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 DHCPOUTPUT all -- * green0 0.0.0.0/0 0.0.0.0/0
Chain DHCPINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
Chain DHCPOUTPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
Chain FORWARDFW (1 references)
pkts bytes target prot opt in out source destination
Chain GUARDIAN (2 references)
pkts bytes target prot opt in out source destination
Chain GUIINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- green0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:444
Chain HOSTILE (4 references)
pkts bytes target prot opt in out source destination
Chain ICMPINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
Chain INPUTFW (1 references)
pkts bytes target prot opt in out source destination
Chain IPSBYPASS (3 references)
pkts bytes target prot opt in out source destination
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save mask 0x7fffffff
Chain IPSECBLOCK (2 references)
pkts bytes target prot opt in out source destination
Chain IPSECFORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain IPSECINPUT (1 references)
pkts bytes target prot opt in out source destination
Chain IPSECOUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain IPS_FORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain IPS_INPUT (1 references)
pkts bytes target prot opt in out source destination
Chain IPS_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain IPTVFORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain IPTVINPUT (1 references)
pkts bytes target prot opt in out source destination
Chain LOCATIONBLOCK (2 references)
pkts bytes target prot opt in out source destination
Chain LOG_DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOG_REJECT (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain LOOPBACK (3 references)
pkts bytes target prot opt in out source destination
3708 205K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3708 205K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 SPOOFED_MARTIAN all -- * * 127.0.0.0/8 0.0.0.0/0
0 0 SPOOFED_MARTIAN all -- * * 0.0.0.0/0 127.0.0.0/8
Chain NEWNOTSYN (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix "DROP_NEWNOTSYN "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_NEWNOTSYN */
Chain OUTGOINGFW (1 references)
pkts bytes target prot opt in out source destination
Chain OVPNBLOCK (3 references)
pkts bytes target prot opt in out source destination
0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
Chain OVPNINPUT (1 references)
pkts bytes target prot opt in out source destination
Chain POLICYFWD (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- green0 * 192.168.2.0/24 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol ipsec
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- blue0 red0 192.168.3.0/24 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix "DROP_FORWARD "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_FORWARD */
Chain POLICYIN (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:514
0 0 ACCEPT all -- green0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- blue0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol ipsec
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix "DROP_INPUT "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_INPUT */
Chain POLICYOUT (1 references)
pkts bytes target prot opt in out source destination
3 312 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_OUTPUT */
Chain PSCAN (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 /* DROP_TCP PScan */ LOG flags 0 level 4 prefix "DROP_TCP Scan "
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 /* DROP_UDP PScan */ LOG flags 0 level 4 prefix "DROP_UDP Scan "
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 /* DROP_ICMP PScan */ LOG flags 0 level 4 prefix "DROP_ICMP Scan "
0 0 LOG all -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 /* DROP_FRAG PScan */ LOG flags 0 level 4 prefix "DROP_FRAG Scan "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_PScan */
Chain REDFORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain REDINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 SPOOFED_MARTIAN all -- red0 * 192.168.1.131 0.0.0.0/0
0 0 ACCEPT tcp -- red0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
0 0 ACCEPT udp -- red0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
Chain SPOOFED_MARTIAN (3 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix "DROP_SPOOFED_MARTIAN "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* DROP_SPOOFED_MARTIAN */
Chain TOR_INPUT (1 references)
pkts bytes target prot opt in out source destination
Chain TOR_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain WIRELESSFORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- blue0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "DROP_Wirelessforward"
0 0 DROP all -- blue0 * 0.0.0.0/0 0.0.0.0/0 /* DROP_Wirelessforward */
Chain WIRELESSINPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- blue0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "DROP_Wirelessinput"
0 0 DROP all -- blue0 * 0.0.0.0/0 0.0.0.0/0 /* DROP_Wirelessinput */
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Testing Issues with core165 Development Build: next/cad86575
2022-03-11 23:40 ` Charles Brown
@ 2022-03-17 15:52 ` Michael Tremer
2022-03-17 19:34 ` Charles Brown
0 siblings, 1 reply; 9+ messages in thread
From: Michael Tremer @ 2022-03-17 15:52 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2919 bytes --]
Hello Charles,
Apologies for the late reply. I believe that this change should make your problem go away:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=12cd38896795836c3f4e2c8a661b2c36d444d89a
Could you please test again with one of the latest builds?
Best,
-Michael
> On 11 Mar 2022, at 23:40, Charles Brown <cab_77573(a)yahoo.com> wrote:
>
> True, it is not reproducible with latest c165 build.
> However, I punted back to "core165 Development Build: next/cad86575" to test my sanity, the glitch was quite reproducible.
> Logs are attached: /var/log/messages; the (a) iptables output at first boot; the (b) iptables output after changing hostile fw option to off and rebooting
> .
>
> On 3/11/2022 10:28 AM, Michael Tremer wrote:
>> Hello,
>>
>> I tried to reproduce this and I can’t.
>>
>> Could you please send the output of “iptables -L -nv” to help me debug this?
>>
>> -Michael
>>
>>> On 8 Mar 2022, at 20:13, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>>
>>> Just tried again with next/2022-03-08 09:59:43 +0000-32ce7ab4/x86_64
>>> It seems simple to reproduce. See attached log.
>>> At initial boot after fresh install, cannot ping local private address gateway -- DROP_HOSTILE
>>> After editing settings in /var/ipfiire/optionsfw/settings -- changing DROPHOSTILE to off -- and rebooting, things worked as expected.
>>> I then changed DROPHOSTILE setting to on and rebooted -- resulting again with DROP_HOSTILE when pinging my local gateway.
>>>
>>>
>>> On 3/8/2022 9:47 AM, Michael Tremer wrote:
>>>> Hello Charles,
>>>>
>>>>> On 7 Mar 2022, at 12:26, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>>>>
>>>>> Did a fresh install of core165 Development Build: next/cad86575
>>>>>
>>>>> 1) Private Network is ‘Hostile’ – should it be?
>>>> No, it shouldn’t.
>>>>
>>>>> Initially, I had no access to red zone. All traffic was getting DROP_HOSTILE.
>>>>> My test setup has gateway through a 192.168 private network. Could not ping my 192.168 gateway without disabling the “drop hostile” feature. Somehow I thought that private network range would not be considered ‘hostile’.
>>>> Do you have some log files so I can look at what matched?
>>>>
>>>> What build are you running?
>>>>
>>>> -Michael
>>>>
>>>>> 2) Web page ids.cgi stops loading after header
>>>>> The page header down through "Intrusion Prevention System <?>" is displayed and then stops -- nothing else on the page
>>>>> Log in httpd error shows as:
>>>>> "Unable to read file /var/ipfire/suricata/ignored at /var/ipfire/general-functions.pl line 883. "
>>>>> I went to the directory and created the 'ignored' file and chowned it to nobody:nobody.
>>>>> That allowed the page to complete loading
>>>>>
>>>>> -cab
>>>>>
>>> <hostile_private_net.log>
> <var_log_messages.txt><iptables_L_nv_a.txt><iptables_L_nv_b.txt>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Testing Issues with core165 Development Build: next/cad86575
2022-03-17 15:52 ` Michael Tremer
@ 2022-03-17 19:34 ` Charles Brown
2022-03-18 9:14 ` Michael Tremer
0 siblings, 1 reply; 9+ messages in thread
From: Charles Brown @ 2022-03-17 19:34 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3250 bytes --]
As with my comment below on Mar 11, the issue was no longer present in
the c165 test builds. Surely this is not a current issue or you would
have been hearing more noise about it
Thanks for looking into it anyway,
-Charles
On 3/17/2022 10:52 AM, Michael Tremer wrote:
> Hello Charles,
>
> Apologies for the late reply. I believe that this change should make your problem go away:
>
> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=12cd38896795836c3f4e2c8a661b2c36d444d89a
>
> Could you please test again with one of the latest builds?
>
> Best,
> -Michael
>
>> On 11 Mar 2022, at 23:40, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>
>> True, it is not reproducible with latest c165 build.
>> However, I punted back to "core165 Development Build: next/cad86575" to test my sanity, the glitch was quite reproducible.
>> Logs are attached: /var/log/messages; the (a) iptables output at first boot; the (b) iptables output after changing hostile fw option to off and rebooting
>> .
>>
>> On 3/11/2022 10:28 AM, Michael Tremer wrote:
>>> Hello,
>>>
>>> I tried to reproduce this and I can’t.
>>>
>>> Could you please send the output of “iptables -L -nv” to help me debug this?
>>>
>>> -Michael
>>>
>>>> On 8 Mar 2022, at 20:13, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>>>
>>>> Just tried again with next/2022-03-08 09:59:43 +0000-32ce7ab4/x86_64
>>>> It seems simple to reproduce. See attached log.
>>>> At initial boot after fresh install, cannot ping local private address gateway -- DROP_HOSTILE
>>>> After editing settings in /var/ipfiire/optionsfw/settings -- changing DROPHOSTILE to off -- and rebooting, things worked as expected.
>>>> I then changed DROPHOSTILE setting to on and rebooted -- resulting again with DROP_HOSTILE when pinging my local gateway.
>>>>
>>>>
>>>> On 3/8/2022 9:47 AM, Michael Tremer wrote:
>>>>> Hello Charles,
>>>>>
>>>>>> On 7 Mar 2022, at 12:26, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>>>>>
>>>>>> Did a fresh install of core165 Development Build: next/cad86575
>>>>>>
>>>>>> 1) Private Network is ‘Hostile’ – should it be?
>>>>> No, it shouldn’t.
>>>>>
>>>>>> Initially, I had no access to red zone. All traffic was getting DROP_HOSTILE.
>>>>>> My test setup has gateway through a 192.168 private network. Could not ping my 192.168 gateway without disabling the “drop hostile” feature. Somehow I thought that private network range would not be considered ‘hostile’.
>>>>> Do you have some log files so I can look at what matched?
>>>>>
>>>>> What build are you running?
>>>>>
>>>>> -Michael
>>>>>
>>>>>> 2) Web page ids.cgi stops loading after header
>>>>>> The page header down through "Intrusion Prevention System <?>" is displayed and then stops -- nothing else on the page
>>>>>> Log in httpd error shows as:
>>>>>> "Unable to read file /var/ipfire/suricata/ignored at /var/ipfire/general-functions.pl line 883. "
>>>>>> I went to the directory and created the 'ignored' file and chowned it to nobody:nobody.
>>>>>> That allowed the page to complete loading
>>>>>>
>>>>>> -cab
>>>>>>
>>>> <hostile_private_net.log>
>> <var_log_messages.txt><iptables_L_nv_a.txt><iptables_L_nv_b.txt>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Testing Issues with core165 Development Build: next/cad86575
2022-03-17 19:34 ` Charles Brown
@ 2022-03-18 9:14 ` Michael Tremer
0 siblings, 0 replies; 9+ messages in thread
From: Michael Tremer @ 2022-03-18 9:14 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3456 bytes --]
> On 17 Mar 2022, at 19:34, Charles Brown <cab_77573(a)yahoo.com> wrote:
>
> As with my comment below on Mar 11, the issue was no longer present in the c165 test builds. Surely this is not a current issue or you would have been hearing more noise about it
That is the way to go :)
> Thanks for looking into it anyway,
> -Charles
>
> On 3/17/2022 10:52 AM, Michael Tremer wrote:
>> Hello Charles,
>>
>> Apologies for the late reply. I believe that this change should make your problem go away:
>>
>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=12cd38896795836c3f4e2c8a661b2c36d444d89a
>>
>> Could you please test again with one of the latest builds?
>>
>> Best,
>> -Michael
>>
>>> On 11 Mar 2022, at 23:40, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>>
>>> True, it is not reproducible with latest c165 build.
>>> However, I punted back to "core165 Development Build: next/cad86575" to test my sanity, the glitch was quite reproducible.
>>> Logs are attached: /var/log/messages; the (a) iptables output at first boot; the (b) iptables output after changing hostile fw option to off and rebooting
>>> .
>>>
>>> On 3/11/2022 10:28 AM, Michael Tremer wrote:
>>>> Hello,
>>>>
>>>> I tried to reproduce this and I can’t.
>>>>
>>>> Could you please send the output of “iptables -L -nv” to help me debug this?
>>>>
>>>> -Michael
>>>>
>>>>> On 8 Mar 2022, at 20:13, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>>>>
>>>>> Just tried again with next/2022-03-08 09:59:43 +0000-32ce7ab4/x86_64
>>>>> It seems simple to reproduce. See attached log.
>>>>> At initial boot after fresh install, cannot ping local private address gateway -- DROP_HOSTILE
>>>>> After editing settings in /var/ipfiire/optionsfw/settings -- changing DROPHOSTILE to off -- and rebooting, things worked as expected.
>>>>> I then changed DROPHOSTILE setting to on and rebooted -- resulting again with DROP_HOSTILE when pinging my local gateway.
>>>>>
>>>>>
>>>>> On 3/8/2022 9:47 AM, Michael Tremer wrote:
>>>>>> Hello Charles,
>>>>>>
>>>>>>> On 7 Mar 2022, at 12:26, Charles Brown <cab_77573(a)yahoo.com> wrote:
>>>>>>>
>>>>>>> Did a fresh install of core165 Development Build: next/cad86575
>>>>>>>
>>>>>>> 1) Private Network is ‘Hostile’ – should it be?
>>>>>> No, it shouldn’t.
>>>>>>
>>>>>>> Initially, I had no access to red zone. All traffic was getting DROP_HOSTILE.
>>>>>>> My test setup has gateway through a 192.168 private network. Could not ping my 192.168 gateway without disabling the “drop hostile” feature. Somehow I thought that private network range would not be considered ‘hostile’.
>>>>>> Do you have some log files so I can look at what matched?
>>>>>>
>>>>>> What build are you running?
>>>>>>
>>>>>> -Michael
>>>>>>
>>>>>>> 2) Web page ids.cgi stops loading after header
>>>>>>> The page header down through "Intrusion Prevention System <?>" is displayed and then stops -- nothing else on the page
>>>>>>> Log in httpd error shows as:
>>>>>>> "Unable to read file /var/ipfire/suricata/ignored at /var/ipfire/general-functions.pl line 883. "
>>>>>>> I went to the directory and created the 'ignored' file and chowned it to nobody:nobody.
>>>>>>> That allowed the page to complete loading
>>>>>>>
>>>>>>> -cab
>>>>>>>
>>>>> <hostile_private_net.log>
>>> <var_log_messages.txt><iptables_L_nv_a.txt><iptables_L_nv_b.txt>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Testing Issues with core165 Development Build: next/cad86575
[not found] <16a1fbd2-c1fc-50a5-8c58-5a85a0528f5c@yahoo.com>
@ 2022-03-07 16:51 ` Stefan Schantl
0 siblings, 0 replies; 9+ messages in thread
From: Stefan Schantl @ 2022-03-07 16:51 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 899 bytes --]
Hello Charles,
a big thanks for pointing this regression out. I've introduced this by
one of my latest IDS related fixes :(
I'll send a patch to the list to fix this issue.
Best regards,
-Stefan
> Hi Stefan,
>
> In case you had not noticed ... after fresh install of latest
> next/cad86575
> ...
>
> Web page ids.cgi stops loading after header.
> The page header down through "Intrusion Prevention System <?>" is
> displayed and then stops -- nothing else on the page
>
> Log in httpd error shows as:
>
> "Unable to read file /var/ipfire/suricata/ignored at
> /var/ipfire/general-functions.pl line 883."
>
> I went to the directory and touched "ignored" file and chowned it to
> nobody:nobody.
> That allowed the page to complete loading
>
> I don't know if the chown was necessary -- I didn't try reloading the
> page before doing it.
>
>
> Cheers,
> Charles Brown
>
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2022-03-18 9:14 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <06172f89-90ad-7851-ad93-25cd8d390c38.ref@yahoo.com>
2022-03-07 12:26 ` Testing Issues with core165 Development Build: next/cad86575 Charles Brown
2022-03-08 15:47 ` Michael Tremer
2022-03-08 20:13 ` Charles Brown
2022-03-11 16:28 ` Michael Tremer
2022-03-11 23:40 ` Charles Brown
2022-03-17 15:52 ` Michael Tremer
2022-03-17 19:34 ` Charles Brown
2022-03-18 9:14 ` Michael Tremer
[not found] <16a1fbd2-c1fc-50a5-8c58-5a85a0528f5c@yahoo.com>
2022-03-07 16:51 ` Stefan Schantl
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox