SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000406: snort and pop3-spam filter not working - MantisBT
MantisBT - Endian Firewall
View Issue Details
0000406Endian FirewallOther Servicespublic2008-01-02 19:302008-02-02 07:28
bodo olschewski 
ra-endian 
normalmajoralways
closedfixed 
2.2-beta2 
2.2-beta3 
0000406: snort and pop3-spam filter not working
I installed 2.2 beta 2 two times under vmware, first with settings backup, second time complete fresh.

Snort:
All three interfaces (green/blue/orange) are red, red interface is not shown (like at 2.12). Loading snort rules works, but nothing changes;
snort seems not to run in V2.2 beta 2.

Pop3 spam-filter:
I use transparent on orange and pyzor; everything shows "green" and also restarts when I save the dialog, but no incomming mail gets marked.
No tags attached.
Issue History
2008-01-02 19:30bodo olschewskiNew Issue
2008-01-03 10:45bigantonNote Added: 0000716
2008-01-07 11:41ra-endianStatusnew => assigned
2008-01-07 11:41ra-endianAssigned To => ra-endian
2008-01-07 11:41ra-endianStatusassigned => confirmed
2008-01-07 11:48ra-endianStatusconfirmed => resolved
2008-01-07 11:48ra-endianFixed in Version => 2.2-beta3
2008-01-07 11:48ra-endianResolutionopen => fixed
2008-01-07 11:48ra-endianNote Added: 0000722
2008-02-02 07:28raphael-endianStatusresolved => closed

Notes
(0000716)
biganton   
2008-01-03 10:45   
same here - fresh install of 2.2b2 on a machine with 4 nics (1xrtl8069 + 3x rtl8139). services view shows orange,blue,green (no red) all as not running. also no snort log produced overnight.

maybe there is something wrong with ids.cgi: it stores the checkbox settings for the interfaces but it forgets the radio button settings for sourcefire vrt rules and my impression is that the page updates too quick ...
(0000722)
ra-endian   
2008-01-07 11:48   
This bug has been fixed in the next release.


changes:
File: /usr/local/bin/restartpopscan.py

from:
def insert_rule(device,address,virtual_address):
    if config_value.get('LOG_FIREWALL', '0') == '1':
        debug("Insert p3scan log rules for device %s"%device)
        run("/sbin/iptables -t nat -A P3SCAN -p tcp -i %s -m state --state NEW -j ULOG --ulog-prefix 'P3SCAN ' " % (device) )
        debug("Insert p3scan DNAT rules for device %s"%device)
        run("/sbin/iptables -t nat -A P3SCAN -j DNAT -p tcp -i %s --to-destination %s:8110 " %(device,config_value["GREEN_ADDRESS"]) )


to;
def insert_rule(device,address,virtual_address):
    if config_value.get('LOG_FIREWALL', '0') == '1':
        debug("Insert p3scan log rules for device %s"%device)
        run("/sbin/iptables -t nat -A P3SCAN -p tcp -i %s -m state --state NEW -j ULOG --ulog-prefix 'P3SCAN ' " % (device) )
    debug("Insert p3scan DNAT rules for device %s"%device)
    run("/sbin/iptables -t nat -A P3SCAN -j DNAT -p tcp -i %s --to-destination %s:8110 " %(device,config_value["GREEN_ADDRESS"]) )