Intrusion Prevention Rulesets recommended?

What ruleset would you recommend? Which one works best with the least issues? Also, my install will run ok (if you forget the Intrusion Prevention) for several hours, but then it starts putting the firewall log output on my console. Let me rephrase. The direct connection to IPFire which uses only keyboard and monitor and does not go through any LAN or WAN. That monitor is where the logs from the firewall suddenly start showing. Before that happens it looks normal. You can log in as root and edit files. But after several hours the command line goes away and only the firewall output goes to that screen. It is in constant scroll. Anyone got any ideas??? 2 questions. Hope they are not too hard to answer.

I cannot answer the first question, as I do not use Intrusion Prevention.

About the second question, in Linux usually there are 12 consoles available and the 12th is the one showing the kernel logs. For some reason it looks like you have switched from tty1 to whatever terminal is showing the logs. Can you try to type the keyboard shortcut Ctrl + Alt + F1? This should send you back to the original console.

You can switch between different tty sessions using the keyboard shortcuts Ctrl + Alt + Fx, where x is the tty number.

A bug was raised on this back in July.

https://bugzilla.ipfire.org/show_bug.cgi?id=13172

Just use the default ruleset, called “Emergingthreats.net Community Rules”.

You can go through the IPS log and see any false positives.

There used to be a “monitor only” option, but I don’t see it anymore.

1 Like

Monitor only can be selected for each provider. Select the edit icon in the providers table for each provider you have defined. On the provider page there is a checkbox for monitor only.

5 Likes