As the name states this topic contains several rules ( cf. http://rules.emergingthreats.net/open/suricata-5.0/rules/emerging-malware.rules ).
These rules can be activated/deactivated ( cf. wiki.ipfire.org - Rule Selection ).
I canāt believe even one of these rules blocks Debianās apt update / upgrade
This sounds like the shellcode IPS rules, and would be the intended behaviour then as Debian packages mostly contain executable shellcode.
1 Like
I donāt know these rules in depth. I do not use the IPS ( too much effort for my small home installation ).
See the wiki article.
A general assistance is hard, because the rule set needed depends on the special environment of the system, which differs from case to case.
The point, Peter, is how to diagnose the problem.
Iāve been dragging it around for weeks.
And I changed the DNS; and I activated and deactivated the individual services; and I made new installations; and I changed the providers of the rules; ā¦
Now you canāt ask me to test every single rule!
If I also need to disable IPS and Guardian, what use is IpFire that it cannot already do with a small Dlink router or with that of the Internet provider?
Said this, I donāt think Iām the only one in Europe to use that rule, right?
On Monday I disconnect Ipfire from the network because at this point there are more issue than advantages. If there is any suggestion for making a diagnosis, I will surely consider it.
That is not yet ātry to deactivateā, ātry to activateā, ātry to ā¦ā
Meanwhile, I do not make updates on other IpFire to not have to find myself having other blocks.