ipfire-tor.rules: Silence more alerts.

author Stefan Schantl <stefan.schantl@ipfire.org>

Tue, 2 Aug 2022 18:21:39 +0000 (20:21 +0200)

committer Stefan Schantl <stefan.schantl@ipfire.org>

Mon, 4 Mar 2024 18:48:36 +0000 (19:48 +0100)
author Stefan Schantl <stefan.schantl@ipfire.org>
Tue, 2 Aug 2022 18:21:39 +0000 (20:21 +0200)
committer Stefan Schantl <stefan.schantl@ipfire.org>
Mon, 4 Mar 2024 18:48:36 +0000 (19:48 +0100)
diff --git a/config/tor/ipfire-tor.rules b/config/tor/ipfire-tor.rules

index cbff073648d4e905560eb25544f5302f48689de5..bedbf71d11a80a285293bf84a7f04e857fc8fa1a 100644 (file)
--- a/config/tor/ipfire-tor.rules
+++ b/config/tor/ipfire-tor.rules
@@ -2,4 +2,8 @@ pass http any !$HTTP_PORTS ->  $HOME_NET any (msg:"LOCAL No alerts for HTTP gzip
  pass tls $HOME_NET $TOR_RELAY_PORT -> $EXTERNAL_NET any (msg:"LOCAL No alerts for outgoing TLS traffic on tor port"; flowbits:noalert; flow:established; sid:1200001; rev:1;)
  pass tls $EXTERNAL_NET any -> $HOME_NET $TOR_RELAY_PORT (msg:"LOCAL No alerts for incomming TLS traffic on tor port"; flowbits:noalert; flow:established; sid:1200002; rev:1;)
  pass ip $EXTERNAL_NET any -> $HOME_NET [$TOR_RELAY_PORT,$TOR_SOCKS_PORT] (msg:"LOCAL No alerts for first Data in wrong direction"; flowbits:noalert; flow:established; app-layer-event:applayer_wrong_direction_first_data; sid:1200003; rev:1;)
-pass tcp $HOME_NET $TOR_RELAY_PORT -> $EXTERNAL_NET any (msg:"LOCAL No alerts for 3way handshake with ack in wrong dir"; flowbits:noalert; stream-event:3whs_ack_in_wrong_dir; classtype:protocol-command-decode; sid:1200004; rev:1;)
+pass ip $HOME_NET any -> $HOME_NET $TOR_SOCKS_PORT (msg:"LOCAL No alerts for Applayer Detect protocol only one direction"; flowbits:noalert; flow:established; app-layer-event:applayer_detect_protocol_only_one_direction; classtype:protocol-command-decode; sid:1200004; rev:1;)
+pass tcp $HOME_NET $TOR_RELAY_PORT -> $EXTERNAL_NET any (msg:"LOCAL No alerts for 3way handshake with ack in wrong dir"; flowbits:noalert; stream-event:3whs_ack_in_wrong_dir; classtype:protocol-command-decode; sid:1200005; rev:1;)
+pass tcp $EXTERNAL_NET any -> $HOME_NET $TOR_RELAY_PORT (msg:"LOCAL No alerts for  3way handshake wrong seq wrong ack"; flowbits:noalert; stream-event:3whs_wrong_seq_wrong_ack; classtype:protocol-command-decode; sid:1200006; rev:1;)
+pass tcp $EXTERNAL_NET any -> $HOME_NET $TOR_RELAY_PORT (msg:"LOCAL NO alerts for 3way handshake excessive different SYN/ACKs"; flowbits:noalert; stream-event:3whs_synack_flood; classtype:protocol-command-decode; sid:1200007; rev:1;)
+pass tcp any any -> $HOME_NET $TOR_RELAY_PORT (msg:"LOCAL No alerts for Packet with invalid timestamp"; flowbits:noalert; stream-event:pkt_invalid_timestamp; classtype:protocol-command-decode; sid:1200008; rev:1;)
author	Stefan Schantl <stefan.schantl@ipfire.org>
	Tue, 2 Aug 2022 18:21:39 +0000 (20:21 +0200)
committer	Stefan Schantl <stefan.schantl@ipfire.org>
	Mon, 4 Mar 2024 18:48:36 +0000 (19:48 +0100)