From: Matthias Fischer
To: development@lists.ipfire.org
Subject: Re: Core116 - Guardian Priority Not Working
Date: Sat, 11 Nov 2017 22:17:02 +0100

Hi,

Confirmed.

Best,
Matthias

On 11.11.2017 19:15, Douglas Duckworth wrote:
> No problem
>
> Done
>
> https://bugzilla.ipfire.org/show_bug.cgi?id=11544
>
> Thanks,
>
> Douglas Duckworth, MSc, LFCS
> HPC System Administrator
> Scientific Computing Unit
> Physiology and Biophysics
> Weill Cornell Medicine
> E: doug(a)med.cornell.edu
> O: 212-746-6305
> F: 212-746-8690
>
> On Sat, Nov 11, 2017 at 1:12 PM, Peter Müller wrote:
>
>> Hello,
>>
>> could you please file this issue into a bug at:
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__bugzilla.ipfire.org_&d=DwIFaQ&c=lb62iw4YL4RFalcE2hQUQealT9-RXrryqt9KZX2qu2s&r=2Fzhh_78OGspKQpl_e-CbhH6xUjnRkaqPFUS2wTJ2cw&m=okk6TOoVKluwinbPon6X7slnA2ey-DeI8BFCjLj5_9E&s=J6kMSWThGfY92guFItTx22URRilXwmBtPQRZGk2Xty0&e=
>>
>> Thank you. :-)
>>
>> Best regards,
>> Peter Müller
>>
>> > Hi
>> >
>> > I have Guardian set to only block Snort Priority Level 1 alerts but it's
>> > blocking Level 2 as well.
>> >
>> > Alert:
>> >
>> > [**] [1:2402000:4623] ET DROP Dshield Block Listed Source group 1 [**]
>> > [Classification: Misc Attack] [Priority: 2]
>> > 11/11-12:18:49.554499 77.72.82.7:53790 -> myip:4569
>> > TCP TTL:246 TOS:0x28 ID:53722 IpLen:20 DgmLen:40
>> > ******S* Seq: 0xFBE35F5A Ack: 0x0 Win: 0x400 TcpLen: 20
>> > [Xref => https://urldefense.proofpoint.com/v2/url?u=http-3A__feeds.dshield.org_block.txt&d=DwIFaQ&c=lb62iw4YL4RFalcE2hQUQealT9-RXrryqt9KZX2qu2s&r=2Fzhh_78OGspKQpl_e-CbhH6xUjnRkaqPFUS2wTJ2cw&m=okk6TOoVKluwinbPon6X7slnA2ey-DeI8BFCjLj5_9E&s=_T4hJ7XVLbt8Z0KZgmQN05k9CLJSpr7Ew_w4sD09OZM&e=]
>> >
>> > syslog:
>> >
>> > Nov 11 12:18:49 ipfire guardian[3955]: Blocking 77.72.82.7 for 86400 seconds...
>> >
>> > /var/ipfire/guardian/guardian.conf:
>> >
>> > # Autogenerated configuration file.
>> > # All user modifications will be overwritten.
>> >
>> > # Log settings.
>> > LogFacility = syslog
>> > LogLevel = info
>> >
>> > # IPFire related settings.
>> > FirewallEngine = IPtables
>> > SocketOwner = nobody:nobody
>> > IgnoreFile = /var/ipfire/guardian/guardian.ignore
>> >
>> > # Configured block settings.
>> > BlockCount = 1
>> > BlockTime = 86400
>> > FirewallAction = DROP
>> >
>> > # Enabled modules.
>> > Monitor_SSH = /var/log/messages
>> > Monitor_SNORT = /var/log/snort/alert
>> > Monitor_HTTPD = /var/log/httpd/error_log
>> >
>> > # Module settings.
>> > SnortPriorityLevel = 1
>> >
>> > Does anyone know of a fix?
>> >
>> > Thanks,
>> >
>> > Douglas Duckworth, MSc, LFCS
>> > HPC System Administrator
>> > Scientific Computing Unit
>> > Physiology and Biophysics
>> > Weill Cornell Medicine
>> > E: doug(a)med.cornell.edu
>> > O: 212-746-6305
>> > F: 212-746-8690
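
A way to cross-check the behaviour reported in this thread, as an added example that is not part of any message above and is not Guardian's own code: it reads SnortPriorityLevel from guardian.conf, the priority of each Snort alert, and Guardian's "Blocking" syslog lines, then lists blocked sources whose alerts were all less severe than the configured level. It assumes a block is expected only when an alert's priority number is at or below SnortPriorityLevel; the sample data is constructed from the excerpts quoted in the thread, and the 192.0.2.10 alert is invented for contrast.

```python
import re

GUARDIAN_CONF = """\
# Module settings.
SnortPriorityLevel = 1
"""
# Constructed sample alerts (Snort full alert format, blank line between alerts).
SNORT_ALERTS = """\
[**] [1:2402000:4623] ET DROP Dshield Block Listed Source group 1 [**]
[Classification: Misc Attack] [Priority: 2]
11/11-12:18:49.554499 77.72.82.7:53790 -> myip:4569

[**] [1:1000001:1] Constructed priority-1 rule [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
11/11-12:20:01.000000 192.0.2.10:40000 -> myip:22
"""
SYSLOG = """\
Nov 11 12:18:49 ipfire guardian[3955]: Blocking 77.72.82.7 for 86400 seconds...
Nov 11 12:20:01 ipfire guardian[3955]: Blocking 192.0.2.10 for 86400 seconds...
"""

def parse_conf(text):
    """Parse 'Key = Value' lines, skipping comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def parse_alerts(text):
    """Return {source_ip: lowest (most severe) priority number seen}."""
    best = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        prio = re.search(r"\[Priority: (\d+)\]", block)
        # The source address follows the timestamp on the 'src -> dst' line.
        src = re.search(r"^\S+\s+(\d+\.\d+\.\d+\.\d+)(?::\d+)? ->", block, re.M)
        if prio and src:
            ip, p = src.group(1), int(prio.group(1))
            best[ip] = min(p, best.get(ip, p))
    return best

def unexpected_blocks(conf_text, alerts_text, syslog_text):
    """List (ip, priority) blocked although no alert reached the configured level.
    Assumption: a block is expected only when priority <= SnortPriorityLevel.
    Blocked IPs with no Snort alert (SSH/HTTPD modules) are skipped."""
    level = int(parse_conf(conf_text)["SnortPriorityLevel"])
    prios = parse_alerts(alerts_text)
    blocked = re.findall(r"guardian\[\d+\]: Blocking (\S+) for \d+ seconds", syslog_text)
    return [(ip, prios[ip]) for ip in blocked if ip in prios and prios[ip] > level]
```

On a live system the three strings would be replaced by the contents of /var/ipfire/guardian/guardian.conf, /var/log/snort/alert and the syslog file, the paths given in the quoted configuration.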