No problem
Done
https://bugzilla.ipfire.org/show_bug.cgi?id=11544
Thanks,
Douglas Duckworth, MSc, LFCS HPC System Administrator Scientific Computing Unit Physiology and Biophysics Weill Cornell Medicine E: doug@med.cornell.edu O: 212-746-6305 F: 212-746-8690
On Sat, Nov 11, 2017 at 1:12 PM, Peter Müller peter.mueller@link38.eu wrote:
Hello,
could you please file this issue into a bug at: https://bugzilla.ipfire.org/
Thank you. :-)
Best regards, Peter Müller
Hi
I have Guardian set to only block Snort Priority Level 1 alerts but it's blocking Level 2 as well.
Alert:
[**] [1:2402000:4623] ET DROP Dshield Block Listed Source group 1 [**]
[Classification: Misc Attack] [Priority: 2]
11/11-12:18:49.554499 77.72.82.7:53790 -> myip:4569
TCP TTL:246 TOS:0x28 ID:53722 IpLen:20 DgmLen:40
******S* Seq: 0xFBE35F5A Ack: 0x0 Win: 0x400 TcpLen: 20
[Xref => http://feeds.dshield.org/block.txt]
syslog:
Nov 11 12:18:49 ipfire guardian[3955]: <info> Blocking 77.72.82.7 for 86400 seconds...
/var/ipfire/guardian/guardian.conf:
# Autogenerated configuration file.
# All user modifications will be overwritten.

# Log settings.
LogFacility = syslog
LogLevel = info

# IPFire related settings.
FirewallEngine = IPtables
SocketOwner = nobody:nobody
IgnoreFile = /var/ipfire/guardian/guardian.ignore

# Configured block settings.
BlockCount = 1
BlockTime = 86400
FirewallAction = DROP

# Enabled modules.
Monitor_SSH = /var/log/messages
Monitor_SNORT = /var/log/snort/alert
Monitor_HTTPD = /var/log/httpd/error_log

# Module settings.
SnortPriorityLevel = 1
Does anyone know of a fix?
Thanks,
Douglas Duckworth, MSc, LFCS HPC System Administrator Scientific Computing Unit Physiology and Biophysics Weill Cornell Medicine E: doug@med.cornell.edu O: 212-746-6305 F: 212-746-8690
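
A check for confirming the mismatch reported in this thread, as an added example that is not part of the original e-mails and is not Guardian's own code: it parses Snort full-format alerts and Guardian's syslog lines, then lists blocked sources whose alert priority number is higher than SnortPriorityLevel. The second alert, its syslog line, and the rule that a block is expected only when priority <= level are assumptions made for the example.

```python
import re

# Constructed sample input: the Priority 2 alert from the report plus one
# invented Priority 1 alert, and the matching Guardian syslog lines.
ALERTS = """\
[**] [1:2402000:4623] ET DROP Dshield Block Listed Source group 1 [**]
[Classification: Misc Attack] [Priority: 2]
11/11-12:18:49.554499 77.72.82.7:53790 -> myip:4569
TCP TTL:246 TOS:0x28 ID:53722 IpLen:20 DgmLen:40

[**] [1:1000001:1] Constructed example rule [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
11/11-12:20:01.000000 198.51.100.23:40000 -> myip:22
"""
SYSLOG = """\
Nov 11 12:18:49 ipfire guardian[3955]: <info> Blocking 77.72.82.7 for 86400 seconds...
Nov 11 12:20:01 ipfire guardian[3955]: <info> Blocking 198.51.100.23 for 86400 seconds...
"""
CONF = "BlockCount = 1\nBlockTime = 86400\nSnortPriorityLevel = 1\n"
HEADER = re.compile(r"^\[\*\*\] \[(\d+:\d+:\d+)\] .* \[\*\*\]$")
PRIORITY = re.compile(r"\[Priority: (\d+)\]")
SOURCE = re.compile(r"^\d\d/\d\d-\S+ (\d+(?:\.\d+){3})(?::\d+)? -> ")
BLOCKED = re.compile(r"guardian\[\d+\]: <info> Blocking (\S+) for \d+ seconds")

def configured_level(conf):
    m = re.search(r"^\s*SnortPriorityLevel\s*=\s*(\d+)\s*$", conf, re.M)
    if m is None:
        raise ValueError("SnortPriorityLevel is not set")
    return int(m.group(1))

def parse_alerts(text):
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):  # blank line separates alerts
        rec = {}
        for line in block.splitlines():
            if m := HEADER.match(line):
                rec["sid"] = m.group(1)
            elif m := PRIORITY.search(line):
                rec["priority"] = int(m.group(1))
            elif m := SOURCE.match(line):
                rec["src"] = m.group(1)
        if len(rec) == 3:  # skip truncated or unparseable blocks
            alerts.append(rec)
    return alerts

def unexpected_blocks(alerts, syslog, level):
    # Assumption: only alerts with priority number <= level should cause a block.
    blocked = set(BLOCKED.findall(syslog))
    return [a for a in alerts if a["src"] in blocked and a["priority"] > level]
```

On a live system the same functions can be fed the contents of /var/log/snort/alert, the syslog file and /var/ipfire/guardian/guardian.conf; any record returned by `unexpected_blocks` is a block that the configured level should not have produced.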