True, it is not reproducible with latest c165 build. However, I punted back to "core165 Development Build: next/cad86575" to test my sanity, the glitch was quite reproducible. Logs are attached: /var/log/messages; the (a) iptables output at first boot; the (b) iptables output after changing hostile fw option to off and rebooting .
On 3/11/2022 10:28 AM, Michael Tremer wrote:
Hello,
I tried to reproduce this and I can’t.
Could you please send the output of “iptables -L -nv” to help me debug this?
-Michael
On 8 Mar 2022, at 20:13, Charles Brown cab_77573@yahoo.com wrote:
Just tried again with next/2022-03-08 09:59:43 +0000-32ce7ab4/x86_64 It seems simple to reproduce. See attached log. At initial boot after fresh install, cannot ping local private address gateway -- DROP_HOSTILE After editing settings in /var/ipfiire/optionsfw/settings -- changing DROPHOSTILE to off -- and rebooting, things worked as expected. I then changed DROPHOSTILE setting to on and rebooted -- resulting again with DROP_HOSTILE when pinging my local gateway.
On 3/8/2022 9:47 AM, Michael Tremer wrote:
Hello Charles,
On 7 Mar 2022, at 12:26, Charles Brown cab_77573@yahoo.com wrote:
Did a fresh install of core165 Development Build: next/cad86575
- Private Network is ‘Hostile’ – should it be?
No, it shouldn’t.
Initially, I had no access to red zone. All traffic was getting DROP_HOSTILE. My test setup has gateway through a 192.168 private network. Could not ping my 192.168 gateway without disabling the “drop hostile” feature. Somehow I thought that private network range would not be considered ‘hostile’.
Do you have some log files so I can look at what matched?
What build are you running?
-Michael
- Web page ids.cgi stops loading after header
The page header down through "Intrusion Prevention System <?>" is displayed and then stops -- nothing else on the page Log in httpd error shows as: "Unable to read file /var/ipfire/suricata/ignored at /var/ipfire/general-functions.pl line 883. " I went to the directory and created the 'ignored' file and chowned it to nobody:nobody. That allowed the page to complete loading
-cab
<hostile_private_net.log>