I have also noted that in the guardian logs, I do have some IPs that have been blocked, but I don't see them in the iptables Guardian chain. So it's not working properly.
I would also suggest a feature, more about it, you can find here: http://forum.ipfire.org/viewtopic.php?f=52&t=12639
It would be great if a triggered rule would block the destination IP (of course, we do not block RED, Gateway or DNS Servers), to ensure that an infected computer is not communicating with a C&C server. Now, I see that only source IPs that attack our network are being blocked.
Subject: Re: Guardian 2.0
From: stefan.schantl@ipfire.org
To: development@lists.ipfire.org
Date: Thu, 19 Feb 2015 21:24:05 +0100
Hello Blago Culjak,
thanks for joining the testing team and for sharing your experience with us.
I guess there is still an instance of the old guardian running on the system. On my test systems I have not seen this kind of problem.
Please check with "ps aux | grep guardian" for running guardian processes and kill them by using "kill <PID>". Then please try to launch guardian again and check the web interface.
Best regards,
-Stefan
Hello, first of all guys, great job on the new features, especially GeoIP and the new Guardian; these are features that are of great value.
I will try to contribute on my part by testing, and translating IPFire to Croatian.
I have installed Guardian 2.10, just like in the IPFire Planet post. I now have a new Guardian option in the web interface, and I have set up the basics. I have enabled Guardian, but it just won't run. It always displays stopped in the web interface.
Issuing command:
guardianctrl start
Starting Guardian...
Unable to continue: /usr/bin/guardian is running
It displays that it's running. However, trying to stop it displays this error:
guardianctrl stop
/etc/rc.d/init.d/guardian: line 33: [: too many arguments
I have set up a log in debug mode, but it doesn't give any more information, other than this:
/usr/bin/guardian -d
My host IP-address is: 5.133.x.x
My gatewayaddess is: 85.94.x.x
Loaded 1 entries from /var/ipfire/guardian/guardian.ignore
Created watcher for /var/log/snort/alert
Created watcher for /var/log/messages
Created watcher for /var/log/httpd/error_log
Running in debug mode...
I can tell that no new firewall entries have been loaded into iptables regarding guardian, so it must not be running properly.
Please advise.
Regards from mildly warm Croatia
Blago Culjak
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development