Messages

466

20.7 Legacy Series / Re: Unbound log doesn't update after upgrade to 20.7

« on: August 03, 2020, 02:07:45 pm »

Can you also check other logs? Any entries?

So, the following logs are not updated as last entries are back to August 1 at 18:33 when I updated to 20.7

   - System: Log Files: Backend
   - System: Log Files: Web GUI
   - Firewall: Log Files: Live View
   - Firewall: Log Files: Plain View
   - Services: DHCPv4: Log File
   - Services: Network Time: Log File
   - Services: Unbound DNS: Log File

and the only up-to-date log is
 
   - System: Log Files: General

Did you switch to text based logging?

Sorry, I don't what it means... 

And checking the dashboard, I see that both syslog-ng and syslogd are currently running.

467

20.7 Legacy Series / Re: unbound plugin not available after upgrade- not found in repos

« on: August 03, 2020, 09:00:43 am »

There is no Unbound plus plug-in as it's been included in the main code...

468

20.7 Legacy Series / Unbound log doesn't update after upgrade to 20.7

« on: August 02, 2020, 11:50:58 pm »

As per title, the last entry in the unbound log is yesterday at the time I upgraded to 20.7 and nothing since then, how come ??

Tia.

469

20.7 Legacy Series / Re: Services not restarting on reboot

« on: August 02, 2020, 11:47:54 pm »

Same issue here, syslog-ng never starts on it's own and I've to manually start it...

470

Intrusion Detection and Prevention / Re: IDS/IPS new settings

« on: August 02, 2020, 09:05:11 pm »

Thanks FullyBorked !

Another thing I've noticed is that the log looks different than when I had 20.1 & Suricata 4 (see attahcment): does anybody know how to get in the log the same info (i.e. timestamp, info about each rule, etc.) I had before ?

Tia.

471

20.7 Legacy Series / Re: syslogd or syslog-ng?

« on: August 01, 2020, 07:41:52 pm »

It would be useful if someoen could clarify whether we do need both to run and if not, which one then ?

Tia.

472

Intrusion Detection and Prevention / IDS/IPS new settings

« on: August 01, 2020, 06:44:45 pm »

I've just updated to 20.7 and noticed that in "Intrusion Detection" --> "Administration" there is the new setting 'Detecting Profile': no idea what the different options mean (default, low, medium, high, custom) 

What default does?

Where can I find a simple document which explains the different settings?

Tia.

473

20.7 Legacy Series / Re: DNS over TLS Servers

« on: August 01, 2020, 06:28:07 pm »

@Massimo1993, try to restart the unbound service after you fill in the resolvers on the Miscellaneous tab.  That made it start for me.

Which is the correct syntax: 9.9.9.9@853#dns.quad9.net or 9.9.9.9@853 ?

But then I have a question: Does unbound then ignore the General-> Enable forwarding mode?  Because that is NOT currently checked for me, but my requests are being forwarded to my DoT provider.

I remember reading in another post that 'Enable Forwarding Mode' can be unchecked

474

20.7 Legacy Series / Re: Failed 20.7 upgrade (twice)

« on: July 31, 2020, 05:55:17 pm »

what's the hardware?

475

20.7 Legacy Series / Re: Upgrading to 20.7 noob question

« on: July 31, 2020, 05:05:00 pm »

Yep 

476

Intrusion Detection and Prevention / DNS entries in my log

« on: July 31, 2020, 01:39:15 pm »

My log's got hundreds of those alerts: is this something to worry about or ?

Tia.

477

20.7 Legacy Series / Re: Upgrading to 20.7 noob question

« on: July 31, 2020, 08:54:20 am »

From the 20.1.9 Releas notes:

20.7-RC1 is already available and the final release of 20.7 is scheduled for July 30. A hotfix release for 20.1.9 will enable the upgrade path some hours after the initial 20.7 announcement is out

So just wait for the Hotfix... then you can upgrade...

Do we know when the Hotfix will be released?

Thanks.

478

Intrusion Detection and Prevention / Re: FireHOL Block List ( Botnets, Attacks, Malware....)

« on: July 26, 2020, 05:24:04 pm »

I've the WAN rules (attached) which I reckon I don't have to change/amend and I have rules (the same) for LAN and LAN2 (also attached).

If I want to consolidate the LAN and LAN2 rules by creating just one set of rules in 'Floating', can I do so by seelcting in 'Interface' both LAN and LAN2 and in Source 'any' ?

479

Intrusion Detection and Prevention / Re: FireHOL Block List ( Botnets, Attacks, Malware....)

« on: July 26, 2020, 04:56:36 pm »

2 rules source any, destination firehol and vice versa. No Interface selected

Do you mean I delete the rules in 'LAN' and 'LAN2' and I consolidate them into 1 in 'Floating' but without selecting the two LAN interfaces ?? Sorry, I'm confused  Can you be more specific ? 

480

Intrusion Detection and Prevention / Re: FireHOL Block List ( Botnets, Attacks, Malware....)

« on: July 26, 2020, 03:14:54 pm »

1) block is better since with reject the Firewall has to generate a packet (cost cpu cycle)
2)+3) Interface LAN, Source LAN net, direction ALWAYS *IN*, never use out ..

I have another question: if I use float rules, I can select both my two LAN interfaces rather than duplicate rules from LAN to LAN2  but in 'Source' I can't select bot 'LAN net' and LAN2 net', only one, so should I select 'any' or 'This Firewall' ?

Thanks.