blago.culjak at hotmail.com
Fri Feb 20 08:55:50 CET 2015
I have also noted that in guardian logs, I do have some IP that have been blocked, but I dont see them in iptables Guardian chain. So it's not working properly.
I would also suggest a feature, more about it, you can find here:
I would be great if triggered rule would block destination IP (of course, we do not block RED, Gateway or DNS Servers), to ensure that infected computer is not communicating with C&C server. Now, I only see that only source IP that attack our network are being blocked.
Subject: Re: Guardian 2.0
From: stefan.schantl at ipfire.org
To: development at lists.ipfire.org
Date: Thu, 19 Feb 2015 21:24:05 +0100
Hello Blago Culjak,
thanks for joining the testing team and for sharing your experience with
I guess there is still an instance of the old guardian running on the
system. On my test systems I have not seen this kind of problem.
Please check with "ps aux | grep guardian" for running guardian
processes and kill the by using "kill <PID>". Then please try to launch
guardian again and check the web interface.
> Hello, first of all guys, great job on new features, especially GeoIP
> and new Guardian, this are the features that are of great value.
> I will try to contribute on my part by testing, and translating Ipfire
> to Croatian.
> I have installed Guardian 2.10, just like in the IpFire planet post. I
> have now in Web interface new Guardian option, and I have setup
> basics. I have enabled the Guardian, but it just won't run. It always
> displays stopped in Web Interface.
> Issuing command:
> guardianctrl start
> Starting Guardian...
> Unable to continue: /usr/bin/guardian is running
> It displays that it's running. However, trying to stop it, displays
> this error:
> guardianctrl stop
> /etc/rc.d/init.d/guardian: line 33: [: too many arguments
> I have setuped a log in debug mode, but it doesnt give any more
> information, other then this:
> /usr/bin/guardian -d
> My host IP-address is: 5.133.x.x
> My gatewayaddess is: 85.94.x.x
> Loaded 1 entries from /var/ipfire/guardian/guardian.ignore
> Created watcher for /var/log/snort/alert
> Created watcher for /var/log/messages
> Created watcher for /var/log/httpd/error_log
> Running in debug mode...
> I can tell that no new firewall entries have been loaded into iptables
> regarding guardian, so it must not be running properly.
> Please advise.
> regards from midly warm Croatia
> Blago Culjak
> Development mailing list
> Development at lists.ipfire.org
Development mailing list
Development at lists.ipfire.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Development