Hello guys,
I’m new to the IPfire world, just started testing IPfire. I set up IPS and was observing the “IP Address Blocklist Logs” and noticed some attack hits are being logged but the packets drop (in or out) are still at zero. I need help on how to enable configuration or the ruleset so it drops the packages too. Were the packets dropped? or just monitored by the IPS? I’m confused if it means the attempts were blocked or just logged. I’d greatly appreciate all your help and comments. Please see the screenshot below.
Hallo @crazyfire
Welcome to the IPFire community.
IPS and IP Blocklist are two separate things in IPFire.
IPS is the Intrusion Prevention System. It can also block IP’s but it will use more resources to do that than the IP Blocklist.
If you want to see the IPS logs then go to the Web User Interface menu - Logs -IPS Logs.
The setup pages for the IPS and for the IP Blocklist are in the Web User Interface menu
- Firewall - Intrusion Prevention
and
- Firewall - IP Address Blocklists
If you press the ? symbol at the top of each of those pages it will open up the relevant wiki pages for that item.
1 Like
Thank you Adolf for your reply. Your response help me figure out it does it automatically. I was trying to understand what it does. and now I see some hits and the hit count going up in a few items of the blocklist. I’m going to delete this thread as my concern was addressed/resolved. Again, thank you kindly.