Terrified new user but I can’t stop looking!

Hello and thanks for the awesome software! I’ve test driven a few other FOSS FW/IPS/IDS solutions and this was the most intuitive one yet, although I do have some feedback and questions, so I’ll start with the two merged first then go into details.
I’m sure most of this is just me only using this for about 24 hours and never been a Firewall Administrator in my 32 years of seeing ATM/DSL/ISDN/PRI/T1/DS3 come and go. I build networks, I’ve never had to secure one, so it’s probably my ignorance and lack of education at this point in time.

It would be nice if when you select a module to install that it would provide feedback as to the location of the file(s) you need to edit.
I found snmp.conf in 4 locations but only /etc/snmpd.conf was the correct one to edit. Maybe somewhere on the WebUI it could say something like “parsing config file at /path/to/module.conf?” wiki.ipfire.org - Net-SNMP daemon doesn’t say $h!t about where the file is.

IPS Log Viewer shows entries similar to below:
SANITIZED.PUB.IP 11312 → 199.7.91.13:53 ET INFO Observed DNS Query to .biz TLD
To me, as a newb that’s completely worthless! Who is the network client making that request to the DNS service? I just kept shutting down ports on my Cisco switch until the entries stopped. It would be nice to know the client behind NAT that is asking for the .biz domain in the log entry. I just had to eventually use what I know and set up RSPAN on the switch and used Wireshark to find further offending clients.

What is the point of Location Blocking if it is still able to get through that and only be finally dropped by a FW rule for entire CIDR netblocks I have had to manually enter?

I won’t get started on the PXE boot server setup that took me 6 hours to figure out, I’ll be editing the WIKI with details.

Wireguard?
VRRP for HA? (probably need to RTFM on that one, but not there yet.)

DHCP update DNS doesn’t seem to function, I’ve had to edit HOSTS for every client and the logs still do not perform lookups, so that seems not right to me.

Who’s on First? (order of operations)
Location>IPS>IDS>FW Rule?
FW Rule> Location> IPS> IDS?
I have no idea man…like…none at all :slight_smile:

WebUI based file editor would be awesome. One page that has all the installed modules listed and a simple click to open the file, edit it and apply which would restart the service.

IP6 is disabled or so I thought I read that but netstat shows services listening on ports over that protocol. I’m not sure what to believe anymore…THE CAKE IS A LIE!

Anyway it’s 3am for me and for some reason I have everything but USA and CANADA blocked with the location module and I still have log files being filled chock of entries from RU trying to RDP/SIP/SQL/DNS hack my pants off.

I’m off for now but I look forward to chatting with y’all and getting “more better” at this.

Here’s my tag. fireinfo.ipfire.org - Profile de19566817f353b426da2ffe9996ef50edf90b81

Gnight!
~frustro.

Hi,

first, welcome to the IPFire community. :slight_smile:

Second, please ask only one question or raise one topic per thread. This simply avoids misunderstandings,
and makes things easier to discuss, because everyone knows what the topic is about.

Therefore, I would like to ask you to split up your post into several threads. :slight_smile:

Thanks, and best regards,
Peter Müller

Thanks for the welcome Peter and the advice on creating separate topics.
It is quite possible that I have defined “Getting started with IPFire” differently. As a new user I have simply shared my experience with “getting started” and just some of the…learning curve associated with trying something new. I am just thinking/ speaking out loud and not really asking for any answers or solutions but feedback is welcome!

Every time I screwed something up and had to reinstall (7 times!) I bitterly complained that there should be a “factory reset” until I realized that my dumbass should probably make a backup of the system before I started poking around and use THAT as my failsafe base configuration. I’m pretty handsome (you know what it’s like to have a name like Peter…we just can’t help it) but I’m not smart all the time. Pretty sure it has something to do with the Greek translation of our name…Rock.

I still have my trusty PIX-501 and an ASA5505 so deployment of this solution is not imperative for any production environment…If you can call me providing a Pseudo ISP in an RV trailer park a production environment at all :slight_smile: I have been eyeballing my 4 SPARC SunFire V210’s and contemplating “what if…”

When I do hit a roadblock I will pray for assistance and will create a focused topic, one at a time and work through them, but for now, as a novice with little more than 30 hours of actual focused mental torture I’m soon to be elbow deep in self education. I’m sure that I can alleviate most of my own new kid on the block woes in short order.

Who am I as a new guy and start throwing out feature requests when I haven’t even cloned the git and looked at the build system and created a pkg let alone figured out how to create DHCP scopes for the 22 VLAN’s I’m currently routing with multiple openWRT x86_64 VM’s?

pfft…the nerve of some people’s kids I swear!

~frustro

Hi,

thanks for your reply. I am not quite sure how to respond to it, but will try anyway. :slight_smile:

It is quite possible that I have defined “Getting started with IPFire” differently. As a new user I have simply shared my experience with “getting started” and just some of the…learning curve associated with trying something new.

I see. That perspective never really occurred to me…

Every time I screwed something up and had to reinstall (7 times!) I bitterly complained that there should be a “factory reset” until I realized that my dumbass should probably make a backup of the system before I started poking around and use THAT as my failsafe base configuration.

Indeed, the web interface offers a backup functionality, and it usually works well. :slight_smile:

However, it might be indeed interesting to hear about the changes you made to IPFire. To my knowledge, breaking the system via the web interface in a way a reinstall is necessary is a pretty hard task to do. For example, you cannot lock yourself out from accessing the web interface via the green network.

Should you stumble across bugs, please report them. Further information on how to do so can be retrieved here.

I still have my trusty PIX-501 and an ASA5505 so deployment of this solution is not imperative for any production environment…

No offense intended, but with regards to this blog post of @ms, it is a good thing you discovered IPFire. :wink:

Who am I as a new guy and start throwing out feature requests when I haven’t even cloned the git and looked at the build system and created a pkg let alone figured out how to create DHCP scopes for the 22 VLAN’s I’m currently routing with multiple openWRT x86_64 VM’s?

Um, I did not really understand the tone of this sentence. Irony? Sarcasm?

Either way, you can of course ask for features without digging that deep into IPFire’s innards. :slight_smile:

Thanks, and best regards,
Peter Müller
