I want to use IPFire to test whether IPFire is good to be used as NIDS or not on a home network. However, I experienced a problem. I cannot activate the Intrusion Prevention System (IPS) on IPFire 2.25 as shown below:
I have chosen the ruleset and saved them, but the results are zero. Does anyone have a solution? The documentation that I have found is only for the previous version of IPFire which still separates IDS and IPS services. The configuration that I have implemented is as follows:
Attacker (Kali Linux) <----> firewall (IPFire as gateway) <----> WebServer (Ubuntu Server)
So, here I want to secure web servers from attack with IDS and IPS IPFire.
Thank you for your help.
You could try upgrading to core 144, that has been relatively reliable. Doing so might upgrade some configs and result in IDS working.
@rodneyp After getting your advice to update IPFire, I encountered a new problem that IPFire can not be updated, as shown below:
It turned out that the problem I encountered for both IPS and Pakfire occurred because my DNS failed to work. My internet connection was successful, but DNS was unable to translate the site I wanted to access. After making sure that DNS is active by changing the protocol for the DNS query to TCP, everything works fine. Thank you for the advice!
in order to make DNS more robust and private, you might want to switch to DNS over TLS (but don’t use resolvers like 22.214.171.124 et al. then ). Just saying…
A list of public DNS resolvers is available in the wiki.
Thanks, and best regards,