Hello Ville,
thanks for joining the testing team.
There is currently no update from an existing IPFire installation to the suricata containing one. So you have to create backups, do a fresh installation and then restore your backups.
If possible and some test hardware is available, please install the image on a different machine than your productive one.
Best regards,
-Stefan
Hello,
Thx for bringing this update!
Is it ok to update my stable version of ipfire core 126 or should I install this suricata version and then use backups to get my data and settings back?
-Ville-
On 6 Feb 2019, at 10.58, Stefan Schantl stefan.schantl@ipfire.org wrote:
Hello list,
today im very happy to announce a new test image with the latest snapshot of the process bringing suricata to all of you.
The image is now hosted and provided by the nightly build feature (a big thanks to Michael for providing this) of IPFire, so if development goes on, every time a new image will be generated and easily can be downloaded.
The latest image always can be grabbed from here:
https://nightly.ipfire.org/next-suricata/latest/x86_64/
Direct link for downloading the ISO image:
https://nightly.ipfire.org/next-suricata/latest/x86_64/ipfire-2.21.x86_64-fu...
There is currently one known issue, that any kind of snort rules (sourcefire) currenty can not be downloaded, so you have to use the rulesets from emergingthreads for testing. This issue will be fixed with the next image provided by the nightly build service.
Thanks for downloading and testing, as usual please file any bugs to our bugtracker (https://bugzilla.ipfire.org) and share your feedback on this list.
Best regards,
-Stefan
Hello list followers,
some time ago development for the new implementation of the Intrusion Detection functionality in IPFire has been started.
The main goal, in a nutshell, was to give IPFire a modern, feature- rich and user-friendly Intrusion Detection Engine. During this progress, the detection framework has been replaced - now suricata is used instead of snort.
Suricata uses a very modern and multi-threaded detection engine with support to perform actions on malicious traffic. So it provides the functionality of detecting any kind of intrusion attempts and the ability of guardian to block them under the same hood.
It was a lot of work, but finaly I'm happy to announce the first test version. It is almost feature complete and without any kind of bigger issues.
Because Intrusion Detection is a key feature of a firewall system, a lot of testing is required until the new implementation can become part of IPFire - therefore we need your help!
Download the test image ( https://people.ipfire.org/~stevee/suricata/Images/), do a lot of hard testing and provide your feedback or suggestions on the develoment mailing list ( https://lists.ipfire.org/mailman/listinfo/development).
If you find any bugs please file them in the IPFire Bugtracker ( https://bugzilla.ipfire.org/).
Many thanks in advance,
-Stefan