I am running 5.1.1 and enabled Data Collection, Dynamic Firewall, Firewall Logs and Minipots.
I am curious to see these in action, but the docs do not really tell you that.
I can see two processes running:
I can also see the periodic firewall log analysis (perhaps?):
Sep 24 06:45:01 turris crond[12679]: (root) CMD (/bin/sh -c "source /lib/functions/sentinel.sh; allowed_to_run "nikola" && exec sentinel-nikola --random-sleep")
Sep 24 09:45:53 turris sentinel_nikola: Logrotate took 0.092178 seconds
Sep 24 09:45:53 turris sentinel_nikola: Syslog parsing took 0.092342 seconds
Sep 24 09:45:53 turris sentinel_nikola: Records parsed: 138
Sep 24 09:45:53 turris sentinel_nikola: Sending records took 0.002362 seconds
Sometimes there is also certificate renewal:
Sep 23 23:40:43 turris sentinel: INFO [certgen.action_spec_init:63] Private key file not found. Generating new one.
Sep 23 23:40:43 turris sentinel: INFO [certgen.action_spec_init:100] Certificate file does not exist or is to be renewed. Re-certifying.
Sep 23 23:40:44 turris sentinel: INFO [certgen.start:321] Sleeping for 10 seconds
Sep 23 23:40:55 turris sentinel: INFO [certgen.process_get_response:136] New certificate successfully downloaded.
Sep 23 23:40:55 turris sentinel: INFO [certgen.action_spec_init:89] Valid certificate found
Sep 23 20:45:01 turris crond[28101]: (root) CMD (/bin/sh -c "source /lib/functions/sentinel.sh; allowed_to_run "nikola" && exec sentinel-nikola --random-sleep")
The above are part of the collection subsystem. I am curious to see the dynamic firewall subsystem too. What are the rules that are downloaded and applied, how often, etc.?
I do not see the client process running and luci shows sentinel-dynfw-client disabled. How is this supposed to get started?
By default, it logs only errors. If you want to see more you can add the following line into /etc/init.d/sentinel-dynfw-client after other procd_append_param commands:
procd_append_param command --verbose
Then it can be restarted by /etc/init.d/sentinel-dynfw-client restart.
But remember that later updates may overwrite this change.
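The caveat above, as an added example that is not part of the original thread: a POSIX shell function that re-inserts the line after the last existing procd_append_param line and is safe to run repeatedly. The sample init script is constructed (its command path and option are placeholders, not the real file's contents), and the names ensure_verbose and write_sample are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): re-apply the --verbose line after an
# update has replaced the init script. Safe to run repeatedly.

VERBOSE_LINE='procd_append_param command --verbose'

# ensure_verbose FILE
# Returns 0 if the line is present afterwards, 1 if FILE has no
# procd_append_param line to anchor on (FILE is then left untouched).
ensure_verbose() {
    file=$1
    # Already there: do nothing, so repeated runs never duplicate it.
    grep -q -- "^[[:space:]]*$VERBOSE_LINE[[:space:]]*\$" "$file" && return 0
    # Line number of the last existing procd_append_param call.
    last=$(awk '/^[ \t]*procd_append_param[ \t]/ { n = NR } END { print n + 0 }' "$file")
    [ "$last" -gt 0 ] || return 1
    tmp="$file.new.$$"
    # Copy every line; after line n, emit the new line with the same indent.
    awk -v n="$last" -v add="$VERBOSE_LINE" '
        { print }
        NR == n { ind = $0; sub(/[^ \t].*$/, "", ind); print ind add }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"    # overwrite in place: keeps mode and owner
    rm -f "$tmp"
}

# Constructed stand-in for an init script; the real file's contents differ.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh /etc/rc.common
USE_PROCD=1
start_service() {
    procd_open_instance
    procd_set_param command /path/to/client
    procd_append_param command --placeholder-option
    procd_close_instance
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
ensure_verbose "$sample" && ensure_verbose "$sample"   # second run is a no-op
cat "$sample"
rm -f "$sample"
```

On the router the call would be ensure_verbose /etc/init.d/sentinel-dynfw-client, followed by the restart command given in the post.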
Maybe it would be nice to have some sort of graphical thing in Luci or ReForis to see what's going on with this whole concept?
I’m aware of https://view.sentinel.turris.cz/, but on a local level it would be nice to see if some IDS or IPS is actually doing something.
Basically like Pakon already does or something?
I would welcome this too, as it is not very obvious whether the dynamic firewall runs at all and what changes/actions occur in the process.
Is there any way to print out current dynamic firewall status and settings please?
Good, since I do think there is something ‘less optimal’ working atm. (TurrisOS 5.1.2 Omnia)
Already mentioned it in the update topic, but even if I make a rule to block incoming and outgoing WAN traffic from a local IP, it does not do anything…
For blocking the TV from accessing the internet you may want the following rule instead. No need to individually block incoming packets from WAN to LAN; that is blocked by default.
Hmmm, edit… Pakon does not agree? Interesting, since if I test the TV internet connection with the update function, it says 'bad connection' and the network check on the TV says yes to LAN, but not outside.