I've committed a very basic configuration file for suricata (suricata.yaml) which almost depends on the shipped config file from the suricata project. We need to adjust this file for usage in IPFire.
The commit can be found here: https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=commit;h=4c6d6c1ee3308e8143b95867376f29876739a149
I did a brief review of the configuration file and one of the first things that caught my eye was that HOME_NET is the entire RFC1918 range. We don't want that, but it is good enough for testing at least. In the final version, HOME_NET should be the GREEN, BLUE and ORANGE networks only (if they exist) and VPNs should not be part of it. I guess we could also remove some sections like the one for redis which we will never use. I like the commenting on the rest of the file and that makes it very clear what each option is supposed to be doing.
The configuration file is huge indeed. I will take care of this.
I've done some initial changes on the configuration file and removed some configuration settings which are not used by IPFire, not supported because not compiled in, or because of a different platform (bsd firewall stuff). These were just some really quick changes and of course there is a lot more work to do until we have a final distribution-specific configuration file. https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=commit;h=335114b207971fa88bc768c7dea49747b15b4fae
There is still loads of stuff in there that we don't need like cuda, etc.
TODO list:
- l. 31: HTTP_PORTS: also add some other ports?
- l. 143: add ports 465, 993, 995
- l. 185: why not using "yes" here?
- l. 187: dto.
- l. 211: add DNS over TLS ports, too
- l. 215: dto.
- l. 350: why not at least "detection-only"
- l. 501ff: Is a default policy of two OSs (Windows + Linux) suitable?
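To make the HOME_NET review point and the port TODO items above concrete, here is an added example of how the `vars` section of suricata.yaml could look for IPFire; it is not from the committed file. The GREEN/BLUE/ORANGE addresses are placeholders, and the VPN transfer network is deliberately left out of HOME_NET rather than negated.

```yaml
# Added example: the shipped upstream default covers all of RFC1918,
# which would also treat VPN clients and any other private range as
# "home". IPFire should instead enumerate only its own local networks.
vars:
  address-groups:
    # Upstream default (too broad for IPFire):
    #   HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
    # Placeholder addresses; on a real system these come from the
    # configured GREEN, BLUE and ORANGE networks (omit any that do
    # not exist). The VPN transfer network (e.g. 10.8.0.0/24 here)
    # is simply not listed, so it is not part of HOME_NET.
    HOME_NET: "[192.168.0.0/24,192.168.1.0/24,192.168.2.0/24]"
    # Everything that is not home is external.
    EXTERNAL_NET: "!$HOME_NET"
    HTTP_SERVERS: "$HOME_NET"
    SMTP_SERVERS: "$HOME_NET"
    DNS_SERVERS: "$HOME_NET"

  port-groups:
    # Plain HTTP plus common alternative web ports (review question
    # from l. 31; the extra ports are an assumption, adjust as needed).
    HTTP_PORTS: "[80,8080,8000,8008]"
    SHELLCODE_PORTS: "!80"
    SSH_PORTS: 22
    # File extraction ports: the upstream list is [$HTTP_PORTS,110,143];
    # 465 (SMTPS), 993 (IMAPS) and 995 (POP3S) are the ports named in
    # the TODO list. Note that on these ports traffic is TLS-wrapped,
    # so file inspection only works if the session is not encrypted
    # end-to-end.
    FILE_DATA_PORTS: "[$HTTP_PORTS,110,143,465,993,995]"
    # Classic DNS plus DNS over TLS (853) as requested for l. 211/215.
    DNS_PORTS: "[53,853]"
```

Any address or port group referenced by a rule but not defined here will make Suricata refuse to load the ruleset, so keep the names aligned with the rules that are actually shipped.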
As far as I am concerned, this is on MODIFIED by now.