Guardian 2.0

Blago Culjak blago.culjak at hotmail.com
Fri Feb 20 08:55:50 CET 2015


I have also noted that in the Guardian logs, I do have some IPs that have been blocked, but I don't see them in the iptables Guardian chain. So it's not working properly.

I would also suggest a feature; you can find more about it here:
http://forum.ipfire.org/viewtopic.php?f=52&t=12639

It would be great if a triggered rule would block the destination IP (of course, we do not block RED, Gateway or DNS Servers), to ensure that an infected computer is not communicating with a C&C server. Now, I only see that only source IPs that attack our network are being blocked.

Subject: Re: Guardian 2.0
From: stefan.schantl at ipfire.org
To: development at lists.ipfire.org
Date: Thu, 19 Feb 2015 21:24:05 +0100

Hello Blago Culjak,
 
thanks for joining the testing team and for sharing your experience with
us.
 
I guess there is still an instance of the old guardian running on the
system. On my test systems I have not seen this kind of problem.
 
Please check with "ps aux | grep guardian" for running guardian
processes and kill them by using "kill <PID>". Then please try to launch
guardian again and check the web interface.
 
Best regards,
 
-Stefan
> Hello, first of all guys, great job on the new features, especially GeoIP
> and the new Guardian; these are the features that are of great value.
> 
> I will try to contribute on my part by testing, and translating IPFire
> to Croatian.
> 
> I have installed Guardian 2.10, just like in the IPFire Planet post. I
> now have a new Guardian option in the web interface, and I have set up
> the basics. I have enabled the Guardian, but it just won't run. It always
> displays stopped in the web interface.
> 
> Issuing command:
> guardianctrl start
> Starting Guardian...
> Unable to continue: /usr/bin/guardian is running 
> 
> It displays that it's running. However, trying to stop it displays
> this error:
> guardianctrl stop
> /etc/rc.d/init.d/guardian: line 33: [: too many arguments
> 
> I have set up a log in debug mode, but it doesn't give any more
> information, other than this:
> 
> /usr/bin/guardian -d
> My host IP-address is: 5.133.x.x
> My gatewayaddess is: 85.94.x.x
> Loaded 1 entries from /var/ipfire/guardian/guardian.ignore
> Created watcher for /var/log/snort/alert
> Created watcher for /var/log/messages
> Created watcher for /var/log/httpd/error_log
> Running in debug mode...
> 
> I can tell that no new firewall entries have been loaded into iptables
> regarding guardian, so it must not be running properly.
> 
> Please advise.
> 
> regards from mildly warm Croatia
> 
> Blago Culjak
> 
> 
> _______________________________________________
> Development mailing list
> Development at lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development
 
