Can’t Enable IPS on IPFire 2.27 (Core 167)

I did’nt find any way to activate the Intrusion Prevention System (IPS) on IPFire 2.27. Here is a picture:

If I try to choose a ruleset - nothing happened. Who could help?

Have you tried to add a provider first?
Eventually select one of the Community Rulesets and download the rules.
After that restart the IDS.



A quick look into the source of the page showed, that you really can start IPS only with a provider selected.
The additional entries shown in the wiki are displayed with a selected ruleset only.

Yes, I tried to add a provider. After klicking “add” I see an empty white screen. But nothing happens.

Are there any messages in /var/log/httpd/error_log or /var/log/messages ?

I just tried to reproduce your situation.

  • stopped IPS
  • removed the IPS provider
  • no start button etc.
  • added my IPS provider
  • start is possible and functioning

Only difference: I had a ruleset already. But a manual update went through also.

I had exactly the same problem as the OP, when I try and add an IPS Provider, after clicking the “add” button, I get a white screen.

Following @bbitsch 's suggestion, I checked in /var/log/hjttpd/error_log and found the following:

[Fri Jun 10 11:12:22.644834 2022] [core:notice] [pid 16552:tid 129761122461568] AH00094: Command line: '/usr/sbin/httpd'
Unable to write to file /var/ipfire/suricata/providers-settings at /var/ipfire/ line 902.
Unable to write to file /var/ipfire/suricata/providers-settings at /var/ipfire/ line 902.

I had tried twice, with two different providers which probably explains the repeated error messages.


Googling the error message took me to this thread: which had a slightly different problem, but the cause seems to have been the same.

It appears the wrong owner/group have been set for the file /var/ipfire/suricata/providers-settings. On my system they were root:root when they should have been nobody:nobody

Running the following command from the SSH console logged in to my firewall fixed the problem for me:

chown nobody:nobody /var/ipfire/suricata/providers-settings

@robh thankyou this “can’t enable IPS” fix also worked for me on ipfire 2.27 core 170

1 Like