Can't Enable IPS on IPFire 2.25 (Core 141)

afathurizki · 31 May 2020 11:09

I want to use IPFire to test whether IPFire is good to be used as NIDS or not on a home network. However, I experienced a problem. I cannot activate the Intrusion Prevention System (IPS) on IPFire 2.25 as shown below:

I have chosen the ruleset and saved them, but the results are zero. Does anyone have a solution? The documentation that I have found is only for the previous version of IPFire which still separates IDS and IPS services. The configuration that I have implemented is as follows:

Attacker (Kali Linux) <----> firewall (IPFire as gateway) <----> WebServer (Ubuntu Server)

So, here I want to secure web servers from attack with IDS and IPS IPFire.

Thank you for your help.

rodneyp · 31 May 2020 12:12

You could try upgrading to core 144, that has been relatively reliable. Doing so might upgrade some configs and result in IDS working.

afathurizki · 31 May 2020 14:12

@rodneyp After getting your advice to update IPFire, I encountered a new problem that IPFire can not be updated, as shown below:

It turned out that the problem I encountered for both IPS and Pakfire occurred because my DNS failed to work. My internet connection was successful, but DNS was unable to translate the site I wanted to access. After making sure that DNS is active by changing the protocol for the DNS query to TCP, everything works fine. Thank you for the advice!

pmueller · 1 June 2020 08:52

Hi,

in order to make DNS more robust and private, you might want to switch to DNS over TLS (but don’t use resolvers like 8.8.8.8 et al. then ). Just saying…

A list of public DNS resolvers is available in the wiki.

Thanks, and best regards,
Peter Müller