Bug 12749

Summary: Dead link on page www.ipfire.org/features
Product: Infrastructure Reporter: Charles Brown <cab_77573>
Component: Web SiteAssignee: Michael Tremer <michael.tremer>
Status: CLOSED FIXED QA Contact:
Severity: - Unknown -    
Priority: - Unknown -    
Version: unspecified   
Hardware: unspecified   
OS: Unspecified   

Description Charles Brown 2021-12-22 17:00:04 UTC
On the webpage “www.ipfire.org/features”, the DOCUMENTATION button for "Intrusion Detection/Prevention System" takes you to a dead link.  Perhaps the correct link for the button should be "wiki.ipfire.org/configuration/firewall/ips"
Comment 1 Charles Brown 2022-01-14 16:43:30 UTC
It would seem @ about line 104 in features.html
    href="https://wiki.ipfire.org/configuration/services/ids"
would need to be changed to ... 
    href="https://wiki.ipfire.org/configuration/firewall/ips"
 
That would fix the button press.
And perhaps it would also seem reasonable to change the text references from "Detection" to "Prevention" and correspondingly change the acronym "IDS" to "IPS"
Comment 3 Michael Tremer 2022-02-23 18:35:50 UTC
http://git.ipfire.org/?p=ipfire.org.git;a=commit;h=73cebb40bb196fe2312f79da703adb7b75920f2f

Author: Michael Tremer <michael.tremer@ipfire.org>

features: Update text and link around the IPS

Fixes: #12749
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Comment 4 Michael Tremer 2022-02-23 18:39:14 UTC
Oh nice, I didn't know there was a nice script that does this for me :)

This is all rolled out now. Thank you for noticing.
Comment 5 Charles Brown 2022-02-23 21:03:07 UTC
The web-page text “Upon detection, alerts are raised and the attacker is immediately blocked”  tends to hint of the legacy technique of blocking the attacker with Guardian.  Nowadays the ‘attacker’ is not blocked, rather the offending packet(s) that raise alerts are ‘dropped’.
Comment 6 Michael Tremer 2022-02-24 09:19:56 UTC
Y(In reply to Charles Brown from comment #5)
> The web-page text “Upon detection, alerts are raised and the attacker is
> immediately blocked”  tends to hint of the legacy technique of blocking the
> attacker with Guardian.  Nowadays the ‘attacker’ is not blocked, rather the
> offending packet(s) that raise alerts are ‘dropped’.

Yes, I stumbled over this one as well.

I believe that in all this brevity, this is correct. We will scan first, then detect something, and then log the packet and drop it. Guardian worked differently, but worked in the same way.

The entire website is (hopefully) be replaced soon and the entire features page will go. To avoid investing too much time into this, I would like to leave it the way it is and hopefully we will do better with the next one.
Comment 7 Charles Brown 2022-02-24 14:49:36 UTC
Sounds good.  Thanks for all your dedicated efforts on this damn fine product.