I changed the IPS settings to monitor only and all the other controls, etc. disappeared from the GUI and stopped the service. Not sure what happened. Restarting doesn’t help. Any ideas?
I’m still having trouble with getting IPS to work again. I was hoping the update would help me out, but that didn’t happen. When I turn the monitor traffic only option off (uncheck the button) to re-enable IPS, it breaks something. Even though IPFire says the daemon is running, all the rule categories and some of the other options disappear. The IPS logs are blank, and the system log isn’t any help either. If I load the last backup, the categories and options re-appear with the monitor traffic only button checked. I’m trying to avoid a complete re-install because I’m not sure the configuration backups I have aren’t just going to break it again. Any ideas?
Edit: I am able to use the Emerging Threats and Snort community rules. It’s the Talos registered ruleset that’s giving me trouble. I noticed that the free space left on the main partition is down to about 1GB, 82% full. Could that be the cause?
Thank you for bringing this up again.
Unfortunately, I am unable to reproduce this behaviour on an IPFire machine running Core Update 157, using IPS in combination with the Emerging Threats community ruleset.
To rule out any broken or changed CGI file, could you check whether ids.cgi on your system has the same checksum?
$ ssh root@maverick -C "sha256sum /srv/web/ipfire/cgi-bin/ids.cgi"
976cd0b6b5bfaa0070874350f1efe3639fd60091c5c0957b9799d02e513e1632 /srv/web/ipfire/cgi-bin/ids.cgi
Thanks, and best regards,
I verified that the checksum matches. I can enable the Emergingthreats and Snort/VRT rulesets and those rules appear, but the Talos/VRT Registered rules still do not appear when I enable that ruleset. When I switch from another ruleset like Emergingthreats to Talos, the rules from the previous ruleset (i.e., Emergingthreats) persist. The Talos rules do not appear. If I reboot the firewall and leave it in that configuration (with the Talos ruleset enabled and the Emergingthreats rules displayed), the condition persists.
The other rulesets seem to work fine, so I can use those, but I prefer the Talos ruleset. Is there a way to reset or clear the rules?