Hello list followers,
Some time ago, development of the new implementation of the Intrusion Detection functionality in IPFire was started.
The main goal, in a nutshell, was to give IPFire a modern, feature-rich and user-friendly Intrusion Detection Engine. During this process, the detection framework has been replaced - now Suricata is used instead of Snort.
Suricata uses a very modern and multi-threaded detection engine with support for performing actions on malicious traffic. So it provides the functionality of detecting any kind of intrusion attempt and the ability of Guardian to block them under the same hood.
It was a lot of work, but finally I'm happy to announce the first test version. It is almost feature complete and without any kind of bigger issues.
Because Intrusion Detection is a key feature of a firewall system, a lot of testing is required until the new implementation can become part of IPFire - therefore we need your help!
Download the test image (https://people.ipfire.org/~stevee/suricata/Images/), do a lot of hard testing and provide your feedback or suggestions on the development mailing list (https://lists.ipfire.org/mailman/listinfo/development).
If you find any bugs, please file them in the IPFire Bugtracker (https://bugzilla.ipfire.org/).
Many thanks in advance,
-Stefan