OK. Now I have everything working well. Guardian is auto-blocking and allowing me to selectively block and unblock as well as unblock all.

I think the IDS module really needs some kind of default settings for those who want to use it but don't understand the complexities of Snort's rules. I just guessed at things when I set Snort up, but it does produce logs of possible intrusion attempts and Guardian does respond appropriately.

On Sat, Jul 16, 2016 at 2:43 PM, R. W. Rodolico <rodo@dailydata.net> wrote:
I saw the same issue and filed a bug report
(https://bugzilla.ipfire.org/show_bug.cgi?id=11146).

When something like this pops up, I generally
https://bugzilla.ipfire.org/show_bug.cgi?id=11146
immediately after the problem shows up; that usually gives some
indication of the problem.

As Matthias says, it is a permissions issue on the configuration file
directory. Either manually create the files (with correct ownership and
permission) or change ownership/permission on the directory. Then, you
have a nice, pretty GUI.

I was able to efficiently block myself from the GUI after that. Since I
don't know anything about how to test Snort, I'm having problems getting
it to block automatically, but that is another issue.

Rod

On 07/16/2016 09:19 AM, Mark Coolen wrote:
> I'm a bit confused about that. Why would 2.0-002 be newer than 2.0-010?
> There's a 2.0-012 under 'old approach' but those files have an older
> timestamp. The 2.0-002 is a tarball, but the 2.0-010 is an ipfire
> package as are the 'dependancies'. I've used Guardian 2 several times in
> the past by just extracting according to the instructions on stevee's
> ;--) page, but that doesn't seem to work with the 2.0-002 tarball. I
> just get a completely blank page in the GUI.
> How do we test?
>
> On Sat, Jul 16, 2016 at 2:59 AM, Matthias Fischer
> <matthias.fischer@ipfire.org <mailto:matthias.fischer@ipfire.org>> wrote:
>
>     Hi,
>
>     Ok, next.
>
>     Am I right assuming that the '2.0-002'-version at
>     http://people.ipfire.org/~stevee/guardian-2.0/ plus
>     http://people.ipfire.org/~stevee/guardian-2.0/packages/dependencies/ is
>     the latest!?
>
>     Best,
>     Matthias
>
>     On 16.07.2016 04:03, Mark Coolen wrote:
>     > I'm willing to test it as well. I take it the instructions from
>     > http://planet.ipfire.org/post/introducing-guardian-2-0-for-ipfire
>     are still
>     > good?
>     >
>     > On Fri, Jul 15, 2016 at 8:23 PM, R. W. Rodolico
>     <rodo@dailydata.net <mailto:rodo@dailydata.net>> wrote:
>     >
> Tell me what I need to do to test Guardian. I've never installed it,
> but I am doing it now.
>
> Rod
>
> On 07/15/2016 05:00 AM, Michael Tremer wrote:
>> Hi guys,
>
>> even if you have a conversation on the phone, please try keeping us
>> in the loop.
>
>> So the key points of what I know:
>
>> * A release is targeted for core update 104
>
>> * There are a few changes required so that re-blocking a host after
>> it has been manually unblocked allows this host the configured
>> number of tries again and not only one.
>
>> * Many more testers are required since feedback is really low at
>> this point.
>
>> Did I get this right? What is the ETA for a set of patches on the
>> mailing list?
>
>> What is the plan to engage more testers?
>
>> Best, -Michael
>
>> On Thu, 2016-07-14 at 14:36 +0200, Daniel Weismüller wrote:
>>> Hi Stevee I know you are very busy and working hard on the this.
>>> But if you want to release the new Guardian 2 with Core 104 we
>>> still need to do some work and it must be tested! So please tell
>>> us something about the new guardian2 and the state of your work.
>>>
>>> Maybe we find more testers here on the list.
>>>
>>> Meanwhile I've talked with Michael about the state which I know
>>> of the guardian2 and we both go confirm that the list of blocked
>>> IPs which runs in the background isn't a good idea. Please let us
>>> talk by phone about it again.
>>>
>>> - Daniel
>
>     >>
>     >
>     >
>     >
>
>
>
>
> --
>  _  _           _     ___         _
>  )\/,) ___  __  )L,   ))  __  __  )) __ _ _
> ((`(( ((_( (|  ((\   ((__((_)((_)(( (('((\(

--
Rod Rodolico
Daily Data, Inc.
POB 140465
Dallas TX 75214-0465
214.827.2170
http://www.dailydata.net



--
 _  _           _     ___         _         
 )\/,) ___  __  )L,   ))  __  __  )) __ _ _
((`(( ((_( (|  ((\   ((__((_)((_)(( (('((\(