Add the VPN ip to a NETLIST.

James

@jamesdean:

Sorry about that, I forgot to add a file.

James

Good guys finish last.  ;D

Your suppression should look like this;

suppress gen_id 119, sig_id 1
suppress gen_id 119, sig_id 2
suppress gen_id 119, sig_id 4
suppress gen_id 119, sig_id 13

I had a similar issue - what fixed it it was Services / Snort / Global Settings / Reset button.

I had to reconfig Snort, but everything works great now.  Just fantastic; love this package.

@jimp:

It's a regex, iirc, so for "any number of characters (or none)" use .*, not *

So try this:

example.com/.*/w4m

Thank you; I'll will try that.

Since I posted, I was able to install squidGuard and compose a Destination List;
by following the instructions on the squidGuard Quick Start page http://diskatel.narod.ru/sgquick.htm.

That allowed me to selectively block just the dating and inappropriate portions of Craigslist.

I do have Shalla's Blacklist installed, but it's 'hard coded' for just one or two Craigslist cities.

I'll try your wildcard syntax and see if it works with a squidGuard destination list.  Right now, my Dest List uses a long set of URLs and I'll have to add another one for each additional city.  If your suggestion works there as well, the same URL set will work for every Craigslist city.  I'd forward the entries to Shalla SS; for integration into his list.

I'll also be using your syntax, where I originally intended.  Don't know for what, but something will pop up soon enough.

Your response is appreciated.

NV

Try This:

Let your squid listen on Optional Interface in Non Transparent Mode. Just forward all the http traffic from LAN interface to Optional Interface where your squid is listening (Default 3128). Since Your Squid is not going be in Transparent Mode you can Enable Authentication.

:)

I updated the package to pull the new version. It should be up in about 5 minutes.

@ToxIcon:

2010-07-11 19:08:52,679 - sync        : ERROR    <fault 1:="" "exceptions.keyerror:'timestamp'"="">Traceback (most recent call last):
  File "/usr/local/lib/python2.5/site-packages/DenyHosts/sync.py", line 117, in receive_new_hosts
    self.__prefs.get("SYNC_DOWNLOAD_RESILIENCY"))
  File "/usr/local/lib/python2.5/xmlrpclib.py", line 1147, in call
    return self.__send(self.__name, args)
  File "/usr/local/lib/python2.5/xmlrpclib.py", line 1437, in __request
    verbose=self.__verbose
  File "/usr/local/lib/python2.5/xmlrpclib.py", line 1201, in request
    return self._parse_response(h.getfile(), sock)
  File "/usr/local/lib/python2.5/xmlrpclib.py", line 1340, in _parse_response
    return u.close()
  File "/usr/local/lib/python2.5/xmlrpclib.py", line 787, in close
    raise Fault(**self._stack[0])
Fault: <fault 1:="" "exceptions.keyerror:'timestamp'"=""></fault></fault>

Looks like the problem is not python. From the FAQ Denyhosts was written for 2.3 and 2.4.

This might help someone but I don't use it because VPNs are a we bit safer  ;)

DenyHosts requires Python v2.3 or later. If you are using an earlier version of Python then you should install a newer version of Python on your system. Multiple versions of Python can safely co-exist on your server so you do not need to worry about breaking any dependencies. You should obtain the latest version of Python and install it on your system. Depending on the method of download, your latest Python executable is typically installed in /usr/local/bin or /usr/bin.
If you downloaded version Python v2.3, then the executable is python2.3. If you downloaded Python v2.4 then the executable is python2.4.

If you will be using DenyHosts in daemon mode, then you will need to edit the daemon-control-dist script. You will want to copy this file to "daemon-control" such that future DenyHosts upgrades will preserve your edits.

$ cp daemon-control-dist daemon-control

Assuming you installed Python v2.4 and the executable is in /usr/bin then you will need to make the following changes to your daemon-control script:

Line # From To
1 #!/usr/bin/env python #!/usr/bin/python2.4
18 PYTHON_BIN = "/usr/bin/env python" PYTHON_BIN = "/usr/bin/python2.4"
You may need to modify the above paths to reflect the actual installation location and version of Python that you installed.

If you are not using DenyHosts in daemon mode then to execute DenyHosts you would do the following:

$ python2.4 denyhosts … args...

-or-

$ python2.3 denyhosts ... args...

I have the same problem.

Add facebook as regular expression or domain name in squid Access Control or SquidGuard Custom BlackList. http or https it will get blocked.

@rds_correia:

Question: shouldn't all other packages have a similar feature in case something breaks from one version of pkg to another version of pkg?
Regards.

All other packages automatically keep all of their settings by default, they are not deleted. Snort is the only package the removes its settings and gives the option to save them. IMHO, that should be reversed so they are kept by default with the option to delete them, or just reverse the behavior and remove the option entirely so they are always kept and never deleted.

I just wanted to see where this issue is at on maybe a fix. Because everytime SNORT gets an update as it should, it will disable rules I enabled, and it will enable rules I disabled. Take for instance when using ICMP rules, I don't want to block ICMP ping, because this will block almost everything on the Internet and gets very annoying when using certain categories. I find myself saying the heck with it and simply disable the whole category list of rules just for the sake of a few rules causing issues everytime SNORT gets updates.

This is making the package hard to work with when you have to redo all your setting manually after every update.

Thanks for any help.